Re: fun with nonces

Subject: Re: fun with nonces
From: pollux (at) *nospam* tilde.club (Stefan Claas)
Newsgroups: sci.crypt
Date: 05. Jul 2024, 21:17:46
Organization: ℭ𝔥𝔦𝔣𝔣𝔯𝔢𝔭𝔲𝔫𝔨𝔰
Message-ID: <c671d9278a8c412de3eceb867e565862f87d34da@i2pn2.org>
User-Agent: flnews/1.3.0pre4 (for GNU/Linux)
Rich wrote:
> Stefan Claas <pollux@tilde.club> wrote:
>> Rich wrote:
>>> Stefan Claas <pollux@tilde.club> wrote:
>>>> Rich wrote:
>>>>> Stefan Claas <pollux@tilde.club> wrote:
>>>>>> He does not need to send Alice the nonces, once he
>>>>>> arrived, because they both have a shared secret.
>>>>>> Alice and Bob can generate them by themselves, no
>>>>>> matter what timezone they are in and the nonces will
>>>>>> be random and can be re-generated with the same values
>>>>>
>>>>> They cannot be simultaneously "random" and be capable of being
>>>>> "re-generated with the same values".
>>>>>
>>>>> At best, they are pseudo-random.  And, looking over the code, indeed,
>>>>> they are generated from a pseudo-random generator, go's 'rand'.
>>>>
>>>> It now uses xorshift128+ instead of math.rand, to have a 128-bit
>>>> seed instead of 64-bit.
>>>
>>> And it is still pseudo-random.
>>
>> And that is perfectly fine, unless of course someone here would show
>> me a better solution, for using nonces without transmitting them.
>
> There is really no need for "shared secret nonces" given standard
> encryption modes.  The 'nonce' (meaning: "used once" [1]) is present to
> randomize a given use of a mode [2] under the same key and plaintext as
> a prior use of the same mode/plaintext [3] under the same key.  The only
> 'security' required of the nonce is that Eve not be able to predict any
> given nonce in advance, which is why they are preferably derived from
> true random sources or created by cryptographically secure random number
> generation algorithms (with a good true randomness seed).  But the
> security of the encrypted data does not depend upon the actual nonce
> being secret to Eve.  This is why they are transmitted in the clear at
> the start of modes that use a nonce.

I have read quite a bit about nonce usage and agree, but they can be
also pseudo-random.

> But going to great lengths to generate "secret" nonces for use by Bob
> and Alice is unnecessary.

Well, known crypto algos don't have to do that, correct! But I like to
use this scheme with Google's Adiantum Encryption, which allows this.

I like Adiantum very much because it is Format Preserving Encryption,
which can be used, besides disk encryption on mobile devices, also for
SMS encryption with feature phones, which is pretty cool and more secure
IMHO than using a smartphone with crypto messengers etc.

> You appear to be beginning to climb down the same rabbit hole that
> Chris quite deeply entered when he was so overly concerned about the
> IV/Nonce being in the clear as part of the protocol that Eve got to
> examine some years back.

No, see above and instead of sending them in advance why not generate
them on the fly, for each day and then use them, without sending, along
with a 256 bit key.

--
Regards
Stefan
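As an added example (this is not code from the thread and not Stefan's xorshift128+ program), here is a Go sketch that puts both positions in the exchange side by side: Alice and Bob regenerate the same nonce from the shared secret and a per-message counter so nothing is sent, the receiver fails cleanly when the two counters disagree, and reusing one nonce under one key hands an observer the XOR of two plaintexts, which is exactly the "used once" property Rich describes as the only thing the nonce has to deliver. HMAC-SHA256 over the counter is assumed here in place of xorshift128+, and the key labels, the 96-bit nonce size and the AES-256-GCM mode are this example's assumptions, not the thread's.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// subkey derives an independent 256-bit key from the shared secret for one
// purpose, so the encryption key and the nonce-derivation key differ.
func subkey(secret []byte, label string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(label))
	return mac.Sum(nil)
}

// EncKey is the AES-256 key both parties use for the actual encryption.
func EncKey(secret []byte) []byte { return subkey(secret, "enc-key") }

// DeriveNonce lets Alice and Bob recompute the same 96-bit AES-GCM nonce from
// the shared secret plus a per-message counter (day number, message index), so
// no nonce is transmitted. Assumption: HMAC-SHA256 over the counter stands in
// for the thread's xorshift128+ stream; the two sides only need to agree, and
// every counter value must be used once per key.
func DeriveNonce(secret []byte, counter uint64) []byte {
	mac := hmac.New(sha256.New, subkey(secret, "nonce-key"))
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], counter)
	mac.Write(ctr[:])
	return mac.Sum(nil)[:12] // GCM's standard 96-bit nonce
}

// gcmFor builds AES-GCM for a 32-byte key; with the fixed-size key derived
// above neither constructor can fail, so an error is treated as fatal.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// Seal encrypts and authenticates plaintext with AES-256-GCM under nonce.
func Seal(key, nonce, plaintext []byte) []byte {
	return gcmFor(key).Seal(nil, nonce, plaintext, nil)
}

// Open decrypts; a nonce other than the one used to seal fails the tag
// check, so a counter mismatch between the two sides is detected, not silent.
func Open(key, nonce, ciphertext []byte) ([]byte, error) {
	return gcmFor(key).Open(nil, nonce, ciphertext, nil)
}

// RoundTrip: Bob seals with the nonce for counter; Alice regenerates that
// nonce from the shared secret alone and opens the result.
func RoundTrip(secret []byte, counter uint64, msg []byte) ([]byte, error) {
	ct := Seal(EncKey(secret), DeriveNonce(secret, counter), msg)
	return Open(EncKey(secret), DeriveNonce(secret, counter), ct)
}

// ReuseLeaksXOR shows what "used once" protects against: sealing two messages
// under the same key and nonce gives any observer c1 XOR c2 == p1 XOR p2 over
// the common length, without knowing the key or the nonce. It returns true
// when that relation holds, i.e. when the leak is present.
func ReuseLeaksXOR(key, nonce, p1, p2 []byte) bool {
	c1, c2 := Seal(key, nonce, p1), Seal(key, nonce, p2)
	n := len(p1)
	if len(p2) < n {
		n = len(p2)
	}
	for i := 0; i < n; i++ {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}

func main() {
	secret := bytes.Repeat([]byte{0x42}, 32) // constructed demo secret
	pt, err := RoundTrip(secret, 20240705, []byte("meet at noon"))
	fmt.Printf("round trip: %q err=%v\n", pt, err)
	fmt.Println("nonce reuse leaks p1 XOR p2:", ReuseLeaksXOR(EncKey(secret),
		DeriveNonce(secret, 1), []byte("attack at dawn"), []byte("retreat at 9am")))
}
```

The derived nonce adds nothing to confidentiality over a random nonce sent in the clear; what the scheme buys is only that the nonce need not be transmitted, and what it costs is that both sides must never repeat a counter under the same key, since that is the one failure the AEAD cannot detect. Adiantum is a length-preserving tweakable cipher rather than a nonce-based stream mode, so this AES-GCM demonstration covers Rich's point about standard modes, not Adiantum itself.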
