From: Michael Savage <mikejsavage@gmail.com>
Date: Thu, 7 Dec 2017 18:05:06 +0000 (+0200)
Subject: Re-add the paragraph about corruption being 3x slower to detect
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=55e76010846450f7eb92f2cfbd499c0ab3022ba9;p=Monocypher.git

Re-add the paragraph about corruption being 3x slower to detect
---

diff --git a/doc/man/man3/crypto_lock_init.3monocypher b/doc/man/man3/crypto_lock_init.3monocypher
index 6f4f1bc..3c5745b 100644
--- a/doc/man/man3/crypto_lock_init.3monocypher
+++ b/doc/man/man3/crypto_lock_init.3monocypher
@@ -234,3 +234,9 @@ Chacha20 and Poly1305 are described in RFC 7539.
 XChacha20 derives from Chacha20 the same way XSalsa20 derives from
 Salsa20, and benefits from the same security reduction (proven secure
 as long as Chacha20 itself is secure).
+.Sh IMPLEMENTATION DETAILS
+The incremental interface is roughly three times slower than the direct
+interface at identifying corrupted messages.
+This is because the incremental interface works in a single pass and has
+to interleave decryption and verification.
+Users who expect a high corruption rate may want to avoid it.