[noise] Thoughts on semi-deterministic encryption

Tony Arcieri bascule at gmail.com
Wed Aug 27 17:38:49 PDT 2014


On Wed, Aug 27, 2014 at 5:13 PM, Jonathan Moore <moore at eds.org> wrote:

> djb has mostly convinced me
>

You might check out his thoughts in the XSalsa20 paper:

http://cr.yp.to/snuffle/xsalsa-20081128.pdf

"There is also a standard counterargument. Counters might sound simple but
are sometimes mismanaged by applications, destroying security. Rather than
blaming the application for this failure, we can append random bits to the
nonce,
adding protection that is likely to succeed even if the counter fails."

Combining counters and RNG data was one of the reasons he created XSalsa20
in the first place.

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20140827/7f96b2f4/attachment.html>


More information about the Noise mailing list