@bascule @matthew_d_green @dchest @marshray I would not feel comfortable publishing a library with my own informally reviewed cryptosystem.
@marshray @matthew_d_green @tqbf @dchest my plan was deriving a unique AES-CTR nonce via HKDF as well, in addition to the key
@matthew_d_green @marshray @tqbf @dchest I was thinking an RNG could be used for both the key and nonce inputs to HKDF
@bascule Yeah, deriving 64 or more bits of nonce into the MSBits of the AES-CTR plaintext would help immensely.