[noise] Thoughts on semi-deterministic encryption
Brian Warner
warner at lothar.com
Wed Aug 27 17:27:03 PDT 2014
On 8/27/14, 5:13 PM, Jonathan Moore wrote:
> djb has mostly convinced me that it is just not a good idea to use
> clocks as they really have no defined security properties; and drive
> makers have convinced me not to trust storage ;)
Heh, and everyone else has been busy convincing us to not trust RNGs :).
> Thanks I will check out HKDF.
The spec is in https://tools.ietf.org/html/rfc5869 , and the paper that
describes the security properties is at http://eprint.iacr.org/2010/264
.
> Have you looked at the construction of HS1-SIV which uses the
> authenticator as the IV? ( Someone on #tahoe-lafs pointed me to it )
> It allows two pass authenticated encryption with a SIV.
No, I haven't. Is there a paper or something I could look at?
cheers,
-Brian
More information about the Noise
mailing list