1. Impl. mistake, nonces are always repeated. 2. Random nonce collision due to small entropy. 3. Accidental nonce repeat (~VM state restore)
1 thing that may not be clear from my email: I think longer nonces could admit additions for helping w/ #2.
Also AES-GCM-SIV doesn't have to solve every problem. Maybe most apps should use a more conservative thing.