[noise] Thoughts on semi-deterministic encryption

Jonathan Moore moore at eds.org
Tue Aug 26 21:43:08 PDT 2014

On Tue, Aug 26, 2014 at 6:11 PM, Tony Arcieri <bascule at gmail.com> wrote:
> Okay, but you're combining this data with other data from your RNG. What
> scenario do you foresee an actual nonce collision? It would seem to imply
> an attacker controls both your clock and your RNG.

I can imagine a few, but in practice the our down fall often due to the
ones we don't imagine. After this paper:


and this paper:


There is little reason to believe that people wont deploy very broken
systems. And motivated attackers have shown over and over again they can
exploit flaws experts think are unexploitable.

Why not protect against these possible flaws? And even more so why not at
least discuss mitigation possibilities?

In this hole thread you have been trying to convince me that I should not
worry. My original message asked some specific questions that were not "is
this worth worrying about". If my questions don't interest you I
understand. There are lots of environments, possibly all the ones you care
about, where these failures are very unlikely; but that dose not make the
discussion uninteresting.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20140826/d2089fdc/attachment.html>

More information about the Noise mailing list