Subject: Re: fun with nonces
From: ftilojim (at) *nospam* tznvy.pbz (Chax Plore)
Newsgroups: sci.crypt
Date: 05. Jul 2024, 18:40:44
Organization: i2pn2 (i2pn.org)
Message-ID: <45eed9a6-8bc6-7595-a183-82d25eaea562@tznvy.pbz>
References: 1
Xorshift is reversible, so if Eve is up to no good, then she can use the foreknowledge of the nonce in a bad way (no specific attack in mind, but nothing in the message should be predictable or "crackable").
I suggest using HKDF instead to generate the nonce in your scheme,
which I would name "nonce ratchet" instead of the confusing "nfs" (I'm just
looking at my NAS console, where I see two volumes mounted as NFS shares).
And if you are already using HKDF, then why not "ratchet" the whole
key/nonce/iv/salt material this way, if you intend to leave no variables
in plain sight?
On 2024-07-04 19:47, Stefan Claas wrote:
Let's assume Bob travels a lot and he wishes to
communicate encrypted with Alice, while using an
encryption program which uses a nonce as additional
input parameter.
He does not need to send Alice the nonces, once he
arrived, because they both have a shared secret.
Alice and Bob can generate them by themselves, no
matter what timezone they are in and the nonces will
be random and can be re-generated with the same values
again, per day.
https://github.com/stefanclaas/nfs
I have to do a README which explains this scenario
a bit. Hope you like the idea!
-- 
-----BEGIN PGP PUBLIC KEY FINGERPRINT-----
5745 807C 2B82 14D8 AB06 422C 8876 5DFC 2A51 778C
-----END PGP PUBLIC KEY FINGERPRINT-----
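The HKDF-based "nonce ratchet" suggested in the reply, written out as an added example. This is not code from the nfs repository or from either poster; it is a stand-alone illustration of the idea. It implements HKDF-SHA256 per RFC 5869 with only the standard library, derives a key and nonce for a given day and message index from a shared secret (so Alice and Bob compute the same values independently of timezone), and shows the fuller "ratchet the whole material" variant, where a chain state is advanced one-way so that a compromise of today's state does not reveal earlier days' keys. The label strings, the 32-byte key / 12-byte nonce split and the constructed shared secret are assumptions for the example.

```python
import hashlib
import hmac
from datetime import date

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM); empty salt becomes HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: OKM = T(1) | T(2) | ... truncated to `length` bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


# --- per-day derivation straight from the shared secret (no chaining) -------

KEY_LEN, NONCE_LEN = 32, 12  # assumption: AEAD-style 256-bit key, 96-bit nonce


def daily_material(shared_secret: bytes, day: date, msg_index: int):
    """Derive (key, nonce) for one message on one day.

    The date and message index go into `info`, so every (day, index) pair gets
    a distinct nonce; reusing a nonce under the same key would be the failure
    mode a scheme like this must avoid.
    """
    info = b"nonce-ratchet-example/v1/" + day.isoformat().encode() \
        + b"/" + str(msg_index).encode()
    okm = hkdf(shared_secret, b"", info, KEY_LEN + NONCE_LEN)
    return okm[:KEY_LEN], okm[KEY_LEN:]


# --- chained "ratchet" of the whole material -------------------------------

def ratchet_step(state: bytes):
    """Advance a chain state one-way and emit fresh (key, nonce) from it.

    next_state cannot be run backwards to recover `state`, so earlier outputs
    stay secret if a later state leaks (forward secrecy for the chain).
    """
    next_state = hkdf(state, b"", b"nonce-ratchet-example/chain", HASH_LEN)
    okm = hkdf(state, b"", b"nonce-ratchet-example/output", KEY_LEN + NONCE_LEN)
    return next_state, okm[:KEY_LEN], okm[KEY_LEN:]


def ratchet_outputs(initial_state: bytes, steps: int):
    """Run the chain `steps` times and return the list of (key, nonce) pairs."""
    outputs, state = [], initial_state
    for _ in range(steps):
        state, key, nonce = ratchet_step(state)
        outputs.append((key, nonce))
    return outputs


if __name__ == "__main__":
    # Constructed shared secret for the demo; a real one comes from a key exchange.
    secret = b"constructed-example-shared-secret-do-not-use"
    k, n = daily_material(secret, date(2024, 7, 5), 0)
    print("2024-07-05 msg 0 nonce:", n.hex())
    for i, (_, nonce) in enumerate(ratchet_outputs(secret, 3)):
        print(f"ratchet step {i} nonce:", nonce.hex())
```

Both sides only need the shared secret plus the calendar date (and, for the chained variant, an agreed step count), which is exactly the "no nonces on the wire" property the original post wants; the date must be taken in one agreed zone, e.g. UTC, or the two parties will derive for different days near midnight.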