@bascule @matthew_d_green @dchest @marshray It doesn’t sound that way from the ticket; sounds like you’re saying, “use this for NIST crypto”
Replying to @tqbf
@tqbf @matthew_d_green @dchest @marshray so I take it you think even exposing it at all is a bad idea
Replying to @bascule
@bascule @matthew_d_green @dchest @marshray I would not feel comfortable publishing a library with my own informally reviewed cryptosystem.
Replying to @tqbf
@tqbf @dchest @marshray that's why I was asking @matthew_d_green ;)
Replying to @matthew_d_green
@matthew_d_green @tqbf @dchest @marshray updated the diagram w/ MACing the nonce. Still unclear on the specifics: https://gist.github.com/tarcieri/5351974 …
Replying to @bascule
@bascule @matthew_d_green @tqbf @dchest Even with perfect nonces, using AES-128 expect a keystream collision after just 2^64 encryptions.
Replying to @marshray
@marshray @matthew_d_green @tqbf @dchest but I'd be using a separate key each time the nonce is changed
Replying to @bascule
@bascule @matthew_d_green @tqbf @dchest doesn't matter if the plaintext block counter always starts at 0 and AES key input is only 128 bits.
@marshray @matthew_d_green @tqbf @dchest well, the real goal would be to use aes256estream