Brian Warner warner at lothar.com
Wed Aug 27 17:27:03 PDT 2014

On 8/27/14, 5:13 PM, Jonathan Moore wrote:

> djb has mostly convinced me that it is just not a good idea to use
> clocks as they really have no defined security properties; and drive
> makers have convinced me not to trust storage ;)

Heh, and everyone else has been busy convincing us to not trust RNGs :).

> Thanks, I will check out HKDF.

The spec is in https://tools.ietf.org/html/rfc5869, and the paper that
describes the security properties is at http://eprint.iacr.org/2010/264.

> Have you looked at the construction of HS1-SIV which uses the
> authenticator as the IV? (Someone on #tahoe-lafs pointed me to it.)
> It allows two pass authenticated encryption with a SIV.

No, I haven't. Is there a paper or something I could look at?


