Hacker News new | past | comments | ask | show | jobs | submit login

Poly1305 is a fundamentally different class of authenticator than HMAC-SHA256: the addition of an nonce into the function makes it unsuitable for some environments. But given Intel's new instructions, GCM is looking like a more attractive polynomial MAC these days.

Why would you take GCM over OCB (apart from patents)? Or, for that matter, OMAC/EAX?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact