Chris M. Thomasson wrote:
On 7/5/2024 1:46 PM, Stefan Claas wrote:
Hopefully the nonces were created by a TRNG such that they cannot be
repeated except by pure chance... Fair enough?
Every PRNG has a period and a way to set the starting point.
Well, they can be also pseudo-random. Mine are deterministic,
based on a passphrase and date while using hkdf.
Can somebody try to get at things where they can gain educated guesses
at your schedule, so to speak?
For the nonce only, without using a cipher, I would say no, because Alice
and Bob have a shared secret, which is used along with a date (only day,
not time, and as UTC timezone), and neither Alice nor Bob has to send the nonces
to each other, so that encryption and decryption, with, for example, my
Adiantum implementation works nicely.
Here is an example: Let's say Bob is in Germany, as of today, with current
time 22:41 CET, and he sends an encrypted message with Adiantum now to Alice.
Alice, in the U.S., at a much earlier time of day because of the different timezone,
simply runs nora[1] with Adiantum[2] and can be sure that when she creates
*today's* nonce(s) the message will decrypt, because nora uses the UTC
timezone.
A sample run with nora looks like this:
$ nora
Usage: -p <password> [-b party B] [-n number of nonces] [-l length of the nonce]
[-s save nonces]
So Bob, as of today and now, runs nora with the shared secret 'test'
and the output will be:
$ nora -p test -n 10
1: 2aba3cbd0f2435c1231d7acd897f33b6 20240707
2: fd1cf73718ace13892282ce1c85079c0 20240707
3: 8c7bb448faeb2bc2886a13e29acd70cc 20240707
4: c8e80e0e6a56a150a6497df6669e0299 20240707
5: 691078499be8e87922a6c5e28f0a80a2 20240707
6: 944214f54301641f0c267f3aaf44d001 20240707
7: 5959b96219a2d6a56b05a04a4ed01b87 20240707
8: ebfc1313981df46d0f3326e7eacdb738 20240707
9: de155347f93107b8367ce0ff8e3f473b 20240707
10: b81c73bcbc173b5e15b597bfeb8e5541 20240707
Bob can re-run nora later and the same nonces will be generated
for today.
Alice, as receiver of the encrypted message, would then reply with
nonces using the -b parameter, to prevent the same nonce being
used in case they both send a message at the same time.
As you can see from the output, the hex values, which are not
exchanged, leave, I would say, no information about my
schedule.
I believe that this scheme is secure enough when using it,
for example, with Adiantum, and it allows Alice and Bob not to
worry about creating nonces, which they do not want to send
to each other; it is also easy to use and to understand.
[1] https://github.com/stefanclaas/nora
[2] https://github.com/stefanclaas/adiantum
--
Regards
Stefan
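The derivation described in the post above (deterministic nonces from a shared secret plus the UTC date, with a separate set for party B), as an added example written here for illustration. It is not nora's code: the choice of which input becomes the HKDF salt and which becomes the info string (date as salt, party label as info) and the info prefix "nora-example/party-" are assumptions made for this example, so the hex values it prints will not match the nora output shown above. HKDF is implemented per RFC 5869 with only the standard library, and rfc5869_vector_ok() checks it against the RFC's first SHA-256 test vector.

```python
import hmac
import hashlib
from datetime import datetime, timezone

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC-Hash(PRK, T(i-1) | info | i),
    blocks concatenated and truncated to `length` bytes."""
    digest_size = HASH().digest_size
    if length > 255 * digest_size:
        raise ValueError("requested output too long for HKDF")
    okm, block = b"", b""
    for counter in range(1, (length + digest_size - 1) // digest_size + 1):
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def rfc5869_vector_ok() -> bool:
    """Self-check against RFC 5869, Appendix A, test case 1 (SHA-256)."""
    okm = hkdf(b"\x0b" * 22,
               bytes.fromhex("000102030405060708090a0b0c"),
               bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
               42)
    return okm.hex() == ("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                         "34007208d5b887185865")


def utc_today() -> str:
    """Day-granular date in UTC, so both parties agree on it regardless of local timezone."""
    return datetime.now(timezone.utc).strftime("%Y%m%d")


def derive_nonces(password: str, date: str, count: int = 10,
                  length: int = 16, party_b: bool = False) -> list:
    """Return `count` hex nonces of `length` bytes for the UTC date `date` (YYYYMMDD).

    Assumed construction (not nora's): the shared secret is the HKDF IKM, the date
    string is the salt, and a party label is the info string, so party B derives a
    set of nonces disjoint from party A's for the same secret and date.
    """
    if len(date) != 8 or not date.isdigit():
        raise ValueError("date must be YYYYMMDD in UTC")
    if not 1 <= count <= 255 or not 1 <= length <= 64:
        raise ValueError("count must be 1..255 and length 1..64 bytes")
    info = b"nora-example/party-" + (b"B" if party_b else b"A")
    okm = hkdf(password.encode("utf-8"), date.encode("ascii"), info, count * length)
    return [okm[i * length:(i + 1) * length].hex() for i in range(count)]


if __name__ == "__main__":
    # Same shape as the nora listing in the post: index, nonce, date.
    date = utc_today()
    for i, nonce in enumerate(derive_nonces("test", date), start=1):
        print(f"{i}: {nonce} {date}")
```

Run without arguments it prints ten 16-byte nonces for today's UTC date; pass party_b=True for the replying side. Both parties only need the shared secret and the calendar day, which is the property the post relies on.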