Subject: Re: fun with nonces
From: rich (at) *nospam* example.invalid (Rich)
Newsgroups: sci.crypt
Date: 05. Jul 2024, 20:46:51
Organization: A noiseless patient Spider
Message-ID: <v69ijb$3djqs$2@dont-email.me>
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Stefan Claas <pollux@tilde.club> wrote:
> Chax Plore wrote:
>> Xorshift is reversible, so if Eve is up to no good, then she can use
>> the foreknowledge of the nonce in a bad way (no specific attack in mind,
>> but nothing in the message should be predictable or "crackable").
>> I suggest using HKDF instead to generate the nonce in your scheme,
>> which I would name "nonce ratchet" instead of the confusing "nfs" (I'm
>> just looking at my NAS console, where I see two volumes mounted as
>> NFS shares).
>
> Thanks for your valuable input, much appreciated! The program now uses
> HKDF instead of xorshift128+.
>
>> And if you are already using HKDF, then why not "ratchet" the
>> whole key/nonce/iv/salt material this way, if you intend to leave no
>> variables in plain sight?
>
> What do you mean (language barrier)?
If I got Chax's meaning properly, the statement is:
Why not use this scheme to generate all of the "key", "nonce", "iv",
and "salt" such that all four change with each new message
(effectively making the four a large 'key' of sorts)?
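The per-message derivation Rich describes, as an added example (not code from this thread or from Stefan's program): a chain state is fed through HKDF (RFC 5869, implemented here over HMAC-SHA256 from the standard library) to produce the next state plus a fresh key, nonce, iv and salt for every message. The field sizes, the info label and the master secret are assumptions chosen for the example.

```python
import hmac
import hashlib

HASH = hashlib.sha256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM); empty salt -> zero block."""
    return hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated."""
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]

# Output layout of one ratchet step (sizes are assumptions): next chain state, then key/nonce/iv/salt.
LAYOUT = (("chain", 32), ("key", 32), ("nonce", 12), ("iv", 16), ("salt", 16))

def ratchet_step(chain: bytes, salt: bytes, msg_no: int) -> tuple[bytes, dict]:
    """Derive the next chain state and fresh key/nonce/iv/salt for message `msg_no`."""
    prk = hkdf_extract(salt, chain)
    info = b"nonce-ratchet v1|" + msg_no.to_bytes(8, "big")  # domain separation per message
    okm = hkdf_expand(prk, info, sum(size for _, size in LAYOUT))
    fields, offset = {}, 0
    for name, size in LAYOUT:
        fields[name] = okm[offset:offset + size]
        offset += size
    return fields.pop("chain"), fields

def derive_messages(master: bytes, count: int) -> list[dict]:
    """Run the ratchet `count` times from a shared master secret. Step i reuses step i-1's
    salt, so all four fields roll forward together; because HMAC is one-way, a captured
    chain state does not reveal earlier outputs (unlike a reversible generator such as xorshift)."""
    chain, salt, out = master, b"", []
    for i in range(count):
        chain, fields = ratchet_step(chain, salt, i)
        salt = fields["salt"]
        out.append(fields)
    return out

def hkdf_self_test() -> bool:
    """Check hkdf_extract/hkdf_expand against RFC 5869 test case 1 (SHA-256)."""
    prk = hkdf_extract(bytes(range(13)), b"\x0b" * 22)
    okm = hkdf_expand(prk, bytes(range(0xF0, 0xFA)), 42)
    return okm.hex() == ("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                         "34007208d5b887185865")
```

Both parties run derive_messages from the same master and get identical per-message material, which is what lets the fields stay out of the message entirely.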