Subject: Re: fun with nonces
From: pollux (at) *nospam* tilde.club (Stefan Claas)
Newsgroups: sci.crypt
Date: 05. Jul 2024, 20:07:09
Organization: ℭ𝔥𝔦𝔣𝔣𝔯𝔢𝔭𝔲𝔫𝔨𝔰
Message-ID : <1b27e538bafdad0e747aca40b12139a844576240@i2pn2.org>
User-Agent : flnews/1.3.0pre4 (for GNU/Linux)
Chax Plore wrote:
> Xorshift is reversible, so if Eve is up to no good, then she can use the
> foreknowledge of nonce in bad way (no specific attack in mind, but
> nothing in the message should be predictable or "crackable").
> I suggest to use HKDF instead to generate the nonce in your scheme,
> which I would name "nonce ratchet" instead of confusing "nfs" (I'm just
> looking on my NAS console, where I see two volumes mounted as NFS shares).
Thanks for your valuable input, much appreciated! The program now uses
HKDF instead of xorshift128+.
> And if you are already using HKDF, then why not "ratchet" the whole
> key/nonce/iv/salt material this way, if you intend to leave no variables
> in plain sight?
What do you mean (language barrier)?
-- 
Regards
Stefan
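The HKDF "nonce ratchet" suggested in the quoted post, and its extension to ratcheting the whole key/nonce/salt material, as an added example (not code from either poster or from Stefan's program). It implements RFC 5869 HKDF with SHA-256 from the standard library and checks itself against the RFC's first test vector; the output sizes (32-byte key, 12-byte nonce, 16-byte salt), the `RATCHET_SALT` label and the seed are assumptions made for the example. Because each turn replaces the chain key with a one-way HMAC output, an observer who learns a nonce cannot step the chain backwards or forwards, which is the property xorshift lacks.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size          # 32 bytes for SHA-256

# Output sizes are assumptions for this example (AEAD-style 32-byte key, 12-byte nonce).
KEY_LEN = 32
NONCE_LEN = 12
SALT_LEN = 16
RATCHET_SALT = b"nonce-ratchet-example-v1"  # constructed domain-separation label


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM); an empty salt means HASH_LEN zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated to `length` bytes."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("HKDF-Expand length out of range")
    okm, t = b"", b""
    for counter in range(1, (length + HASH_LEN - 1) // HASH_LEN + 1):
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
    return okm[:length]


def hkdf_self_check() -> bool:
    """Check the HKDF code against RFC 5869 test case 1 (SHA-256, L=42)."""
    ikm = bytes([0x0B] * 22)
    salt = bytes(range(0x00, 0x0D))
    info = bytes(range(0xF0, 0xFA))
    expected = bytes.fromhex(
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
        "34007208d5b887185865"
    )
    return hkdf_expand(hkdf_extract(salt, ikm), info, 42) == expected


class NonceRatchet:
    """Forward-only chain: every turn derives fresh key/nonce/salt material and
    replaces the chain key with a one-way HKDF output. Unlike xorshift, an
    observed nonce gives no way to recover the state before or after it."""

    def __init__(self, chain_key: bytes) -> None:
        if len(chain_key) < KEY_LEN:
            raise ValueError("chain key must be at least KEY_LEN bytes")
        self._chain_key = chain_key
        self.step = 0

    def turn(self) -> dict:
        prk = hkdf_extract(RATCHET_SALT, self._chain_key)
        # Distinct info labels keep key, nonce and salt independent of each other.
        material = {
            "key": hkdf_expand(prk, b"key", KEY_LEN),
            "nonce": hkdf_expand(prk, b"nonce", NONCE_LEN),
            "salt": hkdf_expand(prk, b"salt", SALT_LEN),
        }
        # Replace the chain key; the old one is no longer recoverable from the new state.
        self._chain_key = hkdf_expand(prk, b"chain", KEY_LEN)
        self.step += 1
        return material


def nonce_sequence(seed: bytes, count: int) -> list:
    """Nonces a peer holding the same seed derives, in order (sender and receiver stay in sync)."""
    r = NonceRatchet(seed)
    return [r.turn()["nonce"] for _ in range(count)]


if __name__ == "__main__":
    print("RFC 5869 test vector ok:", hkdf_self_check())
    for i, n in enumerate(nonce_sequence(b"\x01" * 32, 3)):   # constructed seed
        print(f"message {i}: nonce={n.hex()}")
```

Both sides must turn the ratchet once per message and keep the chain key secret; the nonce itself can travel in the clear, since it reveals nothing about the chain key or the next nonce. A message lost in transit desynchronises the chain, so a real protocol would also carry a message counter to let the receiver skip ahead.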