@bascule @matthew_d_green @tqbf @dchest Not if you feed the nonce into the HKDF and leave it out of the AES-CTR initialization.
Replying to @bascule
@bascule http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf … "for each message encrypted by a key...must ensure uniqueness of all the counter blocks across all messages"
Replying to @marshray
@marshray NaCl's aes128ctr uses a 128-bit nonce. Combined with a 128-bit key, isn't that sufficient? https://github.com/jedisct1/libsodium/blob/master/src/libsodium/include/sodium/crypto_stream_aes128ctr.h#L5 …