[noise] Thoughts on semi-deterministic encryption
Tony Arcieri
bascule at gmail.com
Wed Aug 27 17:38:49 PDT 2014
On Wed, Aug 27, 2014 at 5:13 PM, Jonathan Moore <moore at eds.org> wrote:
> djb has mostly convinced me
>
You might check out his thoughts in the XSalsa20 paper:
http://cr.yp.to/snuffle/xsalsa-20081128.pdf
"There is also a standard counterargument. Counters might sound simple but
are sometimes mismanaged by applications, destroying security. Rather than
blaming the application for this failure, we can append random bits to the
nonce, adding protection that is likely to succeed even if the counter fails."
Combining counters and RNG data was one of the reasons he created XSalsa20
in the first place.
--
Tony Arcieri
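
The counter-plus-random nonce described in the message above, as an added example (not code from the original post or from the XSalsa20 paper). It assumes a split of XSalsa20's 24-byte nonce into a 64-bit counter followed by 128 random bits; `NonceSource` and the rollback scenario are hypothetical names and constructed inputs.

```python
import secrets
import struct

NONCE_LEN = 24                         # XSalsa20 nonce size in bytes (192 bits)
COUNTER_LEN = 8                        # assumed split: 64-bit counter ...
RANDOM_LEN = NONCE_LEN - COUNTER_LEN   # ... followed by 128 random bits


class NonceSource:
    """Per-key message counter that the application must persist correctly."""

    def __init__(self, start=0, randomize=True):
        self.counter = start
        self.randomize = randomize

    def next_nonce(self):
        if self.counter >= 2 ** 64:
            raise OverflowError("counter exhausted; rotate the key")
        prefix = struct.pack(">Q", self.counter)
        self.counter += 1
        # Counter-only mode pads with zeros, so the counter is the only
        # thing keeping nonces unique.
        suffix = secrets.token_bytes(RANDOM_LEN) if self.randomize else bytes(RANDOM_LEN)
        return prefix + suffix


def reused_nonces_after_rollback(randomize, messages=1000, rollback_to=400):
    """Simulate a mismanaged counter: its state falls back to an old value
    (constructed scenario, e.g. restored state) while the key stays the same.
    Returns how many nonces were issued more than once."""
    src = NonceSource(randomize=randomize)
    seen = {src.next_nonce() for _ in range(messages)}
    src.counter = rollback_to          # the failure: counter goes backwards
    reused = 0
    for _ in range(messages - rollback_to):
        nonce = src.next_nonce()
        if nonce in seen:
            reused += 1
        seen.add(nonce)
    return reused


if __name__ == "__main__":
    print("counter only     :", reused_nonces_after_rollback(False))
    print("counter || random:", reused_nonces_after_rollback(True))
```

With the counter alone, every message sent after the rollback repeats a nonce already used under that key; with the random suffix, a repeat requires a 128-bit collision on top of the counter failure.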