XChaCha20-Poly1305 is for the case where you don't have a way to guarantee a unique nonce. How would you choose one?
Replying to @BRIAN_____
And by "random" I mean something like hash(random+message+time+counter+unique).
1 reply 0 retweets 0 likes
Replying to @zooko
If you feed random+message+time+counter+unique into PRNG state then you can just use the PRNG, right? Though message is low entropy.
1 reply 0 retweets 0 likes
Replying to @BRIAN_____
I dunno — I don't really like the paradigm of stateful PRNGs that much…
1 reply 0 retweets 0 likes
Replying to @zooko
Consider a message with the same value always sent at the same time. Then message + time would be perfectly correlated.
2 replies 0 retweets 0 likes
Replying to @BRIAN_____ @zooko
Stateful PRNGs seem like they can mitigate this kind of correlation, esp. when attacker can't see all requests/responses.
12:34 PM - 22 Feb 2017
0 replies
0 retweets
0 likes
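The two points the thread circles around can be put into numbers: why a 192-bit XChaCha20-Poly1305 nonce tolerates a plain random nonce where the 96-bit ChaCha20-Poly1305 (IETF) nonce does not, and what a hash(random+message+time+counter+unique) derivation actually guarantees. The following is an added example, not code posted by either participant; it uses only the standard library, the birthday-bound approximation, and BLAKE2b as the (assumed, unnamed in the thread) hash for the derived nonce, with each field length-framed so that the field boundaries cannot be shifted.

```python
import hashlib
import os
import struct
from math import expm1, isqrt

# Nonce widths of the two AEAD variants the thread contrasts.
XCHACHA20_NONCE_BYTES = 24      # 192-bit nonce: random nonces are safe in practice
CHACHA20_IETF_NONCE_BYTES = 12  # 96-bit nonce: random nonces collide after ~2^32 messages


def collision_probability(num_messages: int, nonce_bytes: int) -> float:
    """Birthday-bound estimate of P(at least one repeated nonce) when
    num_messages nonces are drawn uniformly at random from 8*nonce_bytes bits.
    p ~= 1 - exp(-n(n-1) / 2^(b+1)), which is ~= n^2 / 2^(b+1) while small."""
    bits = 8 * nonce_bytes
    exponent = -(num_messages * (num_messages - 1)) / (2 ** (bits + 1))
    return -expm1(exponent)


def messages_within_budget(nonce_bytes: int, max_probability: float) -> int:
    """Largest message count n for which the birthday bound stays at or below
    max_probability, i.e. n ~= sqrt(2^(b+1) * p)."""
    bits = 8 * nonce_bytes
    return isqrt(int((2 ** (bits + 1)) * max_probability))


def random_nonce(nonce_bytes: int = XCHACHA20_NONCE_BYTES) -> bytes:
    """Plain CSPRNG nonce; with 24 bytes this is the XChaCha20-Poly1305 usage
    the thread describes (no state, no coordination between senders)."""
    return os.urandom(nonce_bytes)


def derived_nonce(random_bytes: bytes, message: bytes, timestamp_ns: int,
                  counter: int, unique_id: bytes,
                  nonce_bytes: int = XCHACHA20_NONCE_BYTES) -> bytes:
    """hash(random + message + time + counter + unique) as proposed in the thread.
    Every field is prefixed with its length so the concatenation is unambiguous.
    Uniqueness still rests on random_bytes and counter: a message that is always
    sent at the same time (the caveat raised in the thread) contributes nothing
    on its own, so the other fields only ever add entropy, never replace it."""
    h = hashlib.blake2b(digest_size=nonce_bytes)  # assumed hash choice
    for field in (random_bytes, message, struct.pack(">Q", timestamp_ns),
                  struct.pack(">Q", counter), unique_id):
        h.update(struct.pack(">I", len(field)))
        h.update(field)
    return h.digest()


def nonce_budget_report(num_messages: int = 2 ** 32) -> dict:
    """Collision risk of purely random nonces at both widths for one key."""
    return {
        "chacha20_ietf_96bit": collision_probability(num_messages, CHACHA20_IETF_NONCE_BYTES),
        "xchacha20_192bit": collision_probability(num_messages, XCHACHA20_NONCE_BYTES),
    }


if __name__ == "__main__":
    for name, p in nonce_budget_report().items():
        print(f"{name}: P(collision after 2^32 msgs) ~= 2^{p.__class__(p).hex() and __import__('math').log2(p):.1f}")
    print("96-bit budget at p=2^-32:", messages_within_budget(CHACHA20_IETF_NONCE_BYTES, 2 ** -32))
    print("192-bit budget at p=2^-32:", messages_within_budget(XCHACHA20_NONCE_BYTES, 2 ** -32))
    # Constructed sample inputs for the derived-nonce variant.
    r = os.urandom(32)
    print(derived_nonce(r, b"heartbeat", 1_700_000_000_000_000_000, 1, b"node-A").hex())
```

At 2^32 messages under one key the 96-bit width sits at roughly 2^-33 collision probability, while the 192-bit width sits near 2^-129; that gap is the whole reason the thread reaches for XChaCha20-Poly1305 when a unique nonce cannot be guaranteed by state. The derived-nonce variant is deterministic for identical inputs, which is exactly the correlation concern raised above: its safety comes from the random and counter fields, not from message or time.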