The solution is to include a MAC. While it’s possible to screw up HMAC and leak timing, it’s also relatively easier to get right and saves you from a great many attacks against the encryption directly.
The solution is to include a MAC. While it’s possible to screw up HMAC and leak timing, it’s also relatively easier to get right and saves you from a great many attacks against the encryption directly.