If you're doing something like that, I think it would be better to use a full-blown SIV construction
-
-
-
something like AES-SIV but with ChaCha20 and Poly1305? http://web.cs.ucdavis.edu/~rogaway/papers/siv.pdf …
- 3 more replies
New conversation -
-
-
if it were H(m) || r that would work, depending on size of r. Or H(m) || system time if you know message rate
-
With 192 bits, that probability is negligible. Unlike having a system with a broken PRG.
- 1 more reply
New conversation -
-
-
but if r is random, H(m) has no effect, you still get birthday collisions with same probability.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.