@matthew_d_green @tqbf @dchest @marshray updated the diagram w/ MACing the nonce. Still unclear on the specifics: https://gist.github.com/tarcieri/5351974 …
@bascule @matthew_d_green @tqbf @dchest Even with perfect nonces, using AES-128 expect a keystream collision after just 2^64 encryptions.
@marshray @matthew_d_green @tqbf @dchest but I'd be using a separate key each time the nonce is changed
@bascule @matthew_d_green @tqbf @dchest doesn't matter if the plaintext block counter always starts at 0 and AES key input is only 128 bits.
@marshray @matthew_d_green @tqbf @dchest well, the real goal would be to use aes256estream