1. Impl. mistake, nonces are always repeated. 2. Random nonce collision due to small entropy. 3. Accidental nonce repeat (~VM state restore)
The properties haven't changed. With a fixed nonce it behaves like GCM with a random nonce (except deterministic).
The point of the discussion was that you can do at most 256 re-uses of a given nonce-key pair. Or did I misunderstand sth?
this is also what I understood from the current draft.
@BRIAN_____ was quicker posting to list than me :)
1 thing that may not be clear from my email: I think longer nonces could admit additions for helping w/ #2.
Also AES-GCM-SIV doesn't have to solve every problem. Maybe most apps should use a more conservative thing.
11:33 AM - 19 Jan 2017