Replying to @matthew_d_green
@matthew_d_green @bascule Right. You can't just pick a 128 bit nonce and start incrementing from there.
Replying to @matthew_d_green
@marshray @bascule ...is to keep state between messages. Choosing at random or setting it to the output of a KDF doesn't give uniqueness.
Replying to @matthew_d_green
@marshray @bascule The only thing that guarantees uniqueness without state is to pick a new key for each message. But then it's trivial.
Replying to @matthew_d_green
@marshray @bascule So if you want to pick a new key per message, set your nonces to 0 or make them a 128-bit random value. Who cares.
Replying to @matthew_d_green
@matthew_d_green @marshray I started with KDF-derived new key per message and a nonce of 0, then thought of switching to KDF-derived nonce
Replying to @matthew_d_green
@matthew_d_green @marshray that's the approach I've seen @tahoelafs take (new key per message + zero nonce)
Replying to @bascule
@bascule @marshray @tahoelafs There's no advantage to either approach except that one is simpler. I've been through FIPS140 with 0.
@matthew_d_green @marshray @tahoelafs cool, seems good