On Mon, 2014-12-01 at 16:43 -0800, Alex Elsayed wrote: > including that MAC-then-encrypt is fragile > against a number of attacks, mainly in the padding-oracle category (See: TLS > BEAST attack). Well but here we talk about disk encryption... how would the MtE oracle problems apply to that? Either you're already in the system, i.e. beyond disk encryption (and can measure any timing difference)... or you're not, but then you cannot measure anything. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
