"Since the HMAC is only 96 bits long, even a generic collision requires only about 248 HMAC computations" But a sequence/call-flow diagram is on the page Sandeep referenced: http://www.mitls.org/pages/attacks/SLOTH - M -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160108/2c6e322b/attachment-0001.html>
