The current of P_MAX and A_MAX was based on the P_MAX value of around 2^36 bytes in RFC 5116. This leads to ideal forgery probability for up to 95-bit tags.
Should we change P_MAX and A_MAX to <= 2^35 bytes to get ideal forgery probability for 96-bit tags?
The current of P_MAX and A_MAX was based on the P_MAX value of around 2^36 bytes in RFC 5116. This leads to ideal forgery probability for up to 95-bit tags.
Should we change P_MAX and A_MAX to <= 2^35 bytes to get ideal forgery probability for 96-bit tags?