[noise] Thoughts on semi-deterministic encryption
Tony Arcieri
bascule at gmail.com
Wed Aug 27 11:05:19 PDT 2014
On Tue, Aug 26, 2014 at 9:43 PM, Jonathan Moore <moore at eds.org> wrote:
> I can imagine a few, but in practice our downfall is often due to the
> ones we don't imagine. After this paper:
>
> https://factorable.net/weakkeys12.extended.pdf
>
> and this paper:
>
> http://eprint.iacr.org/2013/734
>
These papers are both about bad random numbers being used for key
generation. There's little to be done if you have a bad entropy source for
generating keys.
> Why not protect against these possible flaws? And even more so why not at
> least discuss mitigation possibilities?
>
Combining the time and some random data or a counter and some random data
should prevent nonce reuse, at least within the granularity of your
counting scheme, in the event that the data coming out of the RNG repeats.
--
Tony Arcieri
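
Added example, not part of the original message: a sketch of the counter-plus-random and time-plus-random nonce layouts described above, run against a constructed RNG that repeats its output. The 24-byte nonce size, the 8-byte prefix, the 1-second clock granularity and all names are assumptions made for illustration.

```python
import os
import struct

NONCE_LEN = 24   # assumed nonce size in bytes; not stated in the message
PREFIX_LEN = 8   # assumed bytes reserved for the time or counter prefix


def stuck_rng(n):
    """Constructed failure case: an RNG that returns the same bytes every call."""
    return b"\xaa" * n


def time_nonce(now_seconds, rng=os.urandom):
    """Clock prefix (1-second granularity here) followed by random bytes."""
    return struct.pack(">Q", now_seconds) + rng(NONCE_LEN - PREFIX_LEN)


class CounterNonce:
    """Monotonic counter prefix followed by random bytes.

    The counter must never repeat under one key, so a real deployment has to
    persist it across restarts; this sketch keeps it in memory only.
    """

    def __init__(self, start=0, rng=os.urandom):
        self._next = start
        self._rng = rng

    def next(self):
        if self._next >= 2 ** (8 * PREFIX_LEN):
            raise OverflowError("counter exhausted; rotate the key")
        prefix = struct.pack(">Q", self._next)
        self._next += 1
        return prefix + self._rng(NONCE_LEN - PREFIX_LEN)


def demo():
    """Unique-nonce counts for 1000 draws per scheme, all using the stuck RNG."""
    ctr = CounterNonce(rng=stuck_rng)
    by_counter = [ctr.next() for _ in range(1000)]
    # Constructed timestamps: 1000 messages spread over 10 clock ticks.
    by_time = [time_nonce(1_400_000_000 + i // 100, rng=stuck_rng)
               for i in range(1000)]
    random_only = [stuck_rng(NONCE_LEN) for _ in range(1000)]
    return len(set(by_counter)), len(set(by_time)), len(set(random_only))


if __name__ == "__main__":
    print(demo())
```

With the repeating RNG, the counter prefix keeps every nonce distinct, while the clock prefix only separates messages that fall in different ticks.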