Sujet : Re: fun with nonces
De : pollux (at) *nospam* tilde.club (Stefan Claas)
Groupes : sci.cryptDate : 05. Jul 2024, 21:06:53
Autres entêtes
Organisation : ℭ𝔥𝔦𝔣𝔣𝔯𝔢𝔭𝔲𝔫𝔨𝔰
Message-ID : <afc9f7652b10d487109ad81270c4d0d99d9b7392@i2pn2.org>
References : 1 2 3 4
User-Agent : flnews/1.3.0pre4 (for GNU/Linux)
Rich wrote:
Stefan Claas <pollux@tilde.club> wrote:
Chax Plore wrote:
Xorshift is reversible, so if Eve is up to no good, then she can use
the foreknowledge of nonce in bad way (no specific attack in mind,
but nothing in the message should be predictable or "crackable").
I suggest to use HKDF instead to generate the nonce in your scheme,
which I would name "nonce ratchet" instead of confusing "nfs" (I'm
just looking on my NAS console, where I see two volumes mounted as
NFS shares).
Thanks for your valuable input, much appreciated! The Program uses
now hkdf, instead of corshift128+.
And If you are already using KKDF, they why not to "ratchet" the
whole key/nonce/iv/salt material this way, if you intend to leave no
variables in plain sight?
What do you mean (language barrier)?
If I got Chax's meaning properly, the statement is:
Why not use this scheme to generate all of the "key", "nonce", "iv",
and "salt" such that all four change with each new message
(effectively making the four a large 'key' of sorts)?
Ah, but I only need nonces.
I deleted the repository and created a new one, named nora.
Nora is a female Name and Nora could be a good friend of
Alice and Bob. :-)
https://github.com/stefanclaas/nora-- RegardsStefan
fun with nonces
Re: fun with nonces