[noise] Thoughts on semi-deterministic encryption

Jonathan Moore moore at eds.org
Wed Aug 27 18:12:52 PDT 2014


On Wed, Aug 27, 2014 at 5:38 PM, Tony Arcieri <bascule at gmail.com> wrote:

> On Wed, Aug 27, 2014 at 5:13 PM, Jonathan Moore <moore at eds.org> wrote:
>
>> djb has mostly convinced me
>>
>
> You might check out his thoughts in the XSalsa20 paper:
>
> http://cr.yp.to/snuffle/xsalsa-20081128.pdf
>
> "There is also a standard counterargument. Counters might sound simple but
> are sometimes mismanaged by applications, destroying security. Rather than
> blaming the application for this failure, we can append random bits to the
> nonce,
> adding protection that is likely to succeed even if the counter fails."
>
> Combining counters and RNG data was one of the reasons he created XSalsa20
> in the first place.
>

Sure, but counters and clocks are different things, and there are
interesting environments with out storage at all. I understand that I am
not discussing ideas that might not get used every day but they are not
uninteresting which is what it feels like you are trying to argue for.

-Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20140827/bb2e2cea/attachment.html>


More information about the Noise mailing list