@marshray NaCl's aes128ctr uses a 128-bit nonce. Combined with a 128-bit key, isn't that sufficient? https://github.com/jedisct1/libsodium/blob/master/src/libsodium/include/sodium/crypto_stream_aes128ctr.h#L5 …
-
-
@bascule Sufficient or no it's not CTR mode, which requires nonce and counter 2b separate bitfields and *no* wrapping or overlaps (ever)</b> -
@marshray do you think there's a non-negligible chance of that happening given a 128-bit key and 128-bit nonce? -
@bascule despite what crypto_stream_aes128ctr.h implies, AES can't take a 128-bit nonce and still have room for a meaningful counter value -
@marshray I am glad I am doing this as a thought exercise and not something anyone ever intends to use ;)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.