@tqbf @dchest @marshray that's why I was asking @matthew_d_green ;)
-
-
Replying to @bascule3 replies 0 retweets 0 likes
-
Replying to @matthew_d_green
@matthew_d_green@tqbf@dchest@marshray am I good to go with HMAC(nonce || ciphertext, hmac_key) ?2 replies 0 retweets 0 likes -
Replying to @bascule
@bascule@matthew_d_green@tqbf@dchest Usually key is first and include the nonce length. HMAC(K_mac, nonce_length || nonce || ciphertext)2 replies 0 retweets 0 likes -
Replying to @marshray
@marshray@matthew_d_green@tqbf@dchest cool, thanks1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@matthew_d_green@tqbf@dchest But it's still busted until you ensure the pair (k, nonce) going into AES-CTR is globally unique3 replies 0 retweets 0 likes -
Replying to @marshray
@marshray@matthew_d_green@tqbf@dchest sorry to dig this up again, but isn't solved by deriving a unique AES-CTR key and nonce via HKDF?1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@matthew_d_green@tqbf@dchest Not if you feed the nonce into the HKDF and leave it out of the AES-CTR initialization.2 replies 0 retweets 0 likes -
Replying to @marshray
@marshray@matthew_d_green@tqbf@dchest my plan was deriving a unique AES-CTR nonce via HKDF as well, in addition to the key2 replies 0 retweets 0 likes -
Replying to @bascule2 replies 0 retweets 0 likes
@matthew_d_green @marshray @tqbf @dchest I was thinking an RNG could be used for both the key an nonce inputs to HKDF
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.