[noise] Thoughts on semi-deterministic encryption

Tony Arcieri bascule at gmail.com
Wed Aug 27 11:05:19 PDT 2014

On Tue, Aug 26, 2014 at 9:43 PM, Jonathan Moore <moore at eds.org> wrote:

> I can imagine a few, but in practice our downfall is often due to the
> ones we don't imagine. After this paper:
>    https://factorable.net/weakkeys12.extended.pdf
> and this paper:
>    http://eprint.iacr.org/2013/734

These papers are both about bad random numbers being used for key
generation. There's little to be done if you have a bad entropy source for
generating keys.

> Why not protect against these possible flaws? And even more so why not at
> least discuss mitigation possibilities?

Combining the time and some random data or a counter and some random data
should prevent nonce reuse, at least within the granularity of your
counting scheme, in the event that the data coming out of the RNG repeats.

Tony Arcieri
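
An added example (not part of the original message) of the counter-plus-random construction described above, run against a constructed RNG that returns the same bytes on every call. The 24-byte nonce length, the 8-byte counter prefix, and the names `StuckRNG` and `NonceGenerator` are assumptions made for illustration.

```python
import os
import struct

NONCE_LEN = 24    # assumed nonce size in bytes
COUNTER_LEN = 8   # assumed size of the counter prefix


class StuckRNG:
    """Constructed failure model: an RNG whose output repeats on every call."""

    def read(self, n):
        return b"\x42" * n


class NonceGenerator:
    """Builds nonce = big-endian 64-bit counter || random bytes."""

    def __init__(self, rng_read=os.urandom, start=0):
        self._read = rng_read
        self._counter = start

    def next(self):
        if self._counter >= 2 ** 64:
            raise OverflowError("counter exhausted, rekey before continuing")
        prefix = struct.pack(">Q", self._counter)
        self._counter += 1
        return prefix + self._read(NONCE_LEN - COUNTER_LEN)


def count_repeats(nonces):
    """Number of nonces that duplicate an earlier one in the list."""
    return len(nonces) - len(set(nonces))


def demo(n=1000):
    stuck = StuckRNG().read
    # Random-only nonces: every value after the first is a repeat.
    random_only = [stuck(NONCE_LEN) for _ in range(n)]
    # Counter || random: unique while the counter keeps advancing.
    gen = NonceGenerator(stuck)
    combined = [gen.next() for _ in range(n)]
    # Limit of the scheme: if the counter state is lost and restarts at 0
    # while the RNG still repeats, the same nonces come out again.
    restarted = NonceGenerator(stuck)
    after_restart = [restarted.next() for _ in range(n)]
    return (count_repeats(random_only),
            count_repeats(combined),
            count_repeats(combined + after_restart))


if __name__ == "__main__":
    print(demo())
```

The third figure shows the granularity limit: the counter only protects against a repeating RNG for as long as the counter itself never repeats under the same key.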