Skip to content
#

ghash

Here are 9 public repositories matching this topic...

Browser-based key-commitment demo — invisible salamanders, DGRW 2019. One AES-GCM ciphertext decrypts to two different plaintexts under two different keys, both tags valid. AEAD never promised a ciphertext maps to one key. Real GF(2^128) collision, accepted by WebCrypto's own verifier. No backends.

  • Updated Jul 16, 2026
  • TypeScript

Browser-based AES-GCM vs AES-GCM-SIV comparison — live nonce reuse attack showing keystream XOR recovery and GHASH key extraction, synthetic IV construction visualizer, and side-by-side misuse-resistance comparison. RFC 8452. Part of crypto-lab.

  • Updated Jul 15, 2026
  • TypeScript

Improve this page

Add a description, image, and links to the ghash topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the ghash topic, visit your repo's landing page and select "manage topics."

Learn more