[noise] Thoughts on semi-deterministic encryption

Tony Arcieri bascule at gmail.com
Wed Aug 27 11:05:19 PDT 2014


On Tue, Aug 26, 2014 at 9:43 PM, Jonathan Moore <moore at eds.org> wrote:

> I can imagine a few, but in practice our downfall is often due to the
> ones we don't imagine. After this paper:
>
>    https://factorable.net/weakkeys12.extended.pdf
>
> and this paper:
>
>    http://eprint.iacr.org/2013/734
>

These papers are both about bad random numbers being used for key
generation. There's little to be done if you have a bad entropy source for
generating keys.


> Why not protect against these possible flaws? And even more so why not at
> least discuss mitigation possibilities?
>

Combining the time and some random data or a counter and some random data
should prevent nonce reuse, at least within the granularity of your
counting scheme, in the event that the data coming out of the RNG repeats.

--
Tony Arcieri
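
Added example, not part of the original message: a sketch of the counter-plus-random and time-plus-random nonce constructions described above, run against an RNG whose output repeats. The 24-byte nonce size, the function names, the stuck RNG and the fake clock are all assumptions constructed for illustration.

```python
import os
import struct
import time

NONCE_LEN = 24  # assumed nonce size in bytes; the message names no cipher


def counter_nonce(counter, rng=os.urandom):
    """64-bit big-endian counter followed by random bytes."""
    if not 0 <= counter < 2**64:
        raise ValueError("counter out of range; rotate the key, do not wrap")
    return struct.pack(">Q", counter) + rng(NONCE_LEN - 8)


def time_nonce(rng=os.urandom, clock=time.time_ns, granularity_ns=1):
    """Timestamp truncated to granularity_ns, followed by random bytes."""
    return struct.pack(">Q", clock() // granularity_ns) + rng(NONCE_LEN - 8)


def stuck_rng(n):
    """Constructed failure case: an RNG that returns the same bytes each call."""
    return b"\x42" * n


def fake_clock(step_ns):
    """Constructed clock that advances step_ns nanoseconds per call."""
    ticks = iter(range(0, 10**15, step_ns))
    return lambda: next(ticks)


def repeats(nonces):
    """Number of nonces that duplicate an earlier one."""
    return len(nonces) - len(set(nonces))


def demo(n=1000):
    """Count nonce repeats for each scheme when the RNG is stuck."""
    step = 200_000_000  # one nonce every 200 ms
    sec, ms = 1_000_000_000, 1_000_000
    clk_s, clk_ms = fake_clock(step), fake_clock(step)
    return {
        "random_only": repeats([stuck_rng(NONCE_LEN) for _ in range(n)]),
        "counter": repeats([counter_nonce(i, stuck_rng) for i in range(n)]),
        "time_1s": repeats([time_nonce(stuck_rng, clk_s, sec) for _ in range(n)]),
        "time_1ms": repeats([time_nonce(stuck_rng, clk_ms, ms) for _ in range(n)]),
    }


if __name__ == "__main__":
    print(demo())
```

The one-second timestamp still repeats because several nonces fall inside the same tick, which is the granularity limit the message mentions. A counter only helps if it never restarts from an earlier value under the same key.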