[Cryptography] FW: RFC 7253 on The OCB Authenticated-Encryption Algorithm

Jerry Leichter leichter at lrw.com
Sun Jun 1 06:22:09 EDT 2014


On May 31, 2014, at 5:48 PM, John Kelsey <crypto.jmk at gmail.com> wrote:
> Anyone know how OCB does when the user reuses a nonce?  That's a particular problem for GCM.
Text from the Draft RFC:  "It is crucial that, as one encrypts, one does not repeat a nonce.  The inadvertent reuse of the same nonce by two invocations of the OCB encryption operation, with the same key, but with distinct plaintext values, undermines the confidentiality of the plaintexts protected in those two invocations and undermines all of the authenticity and integrity protection provided by that key."
                                                        -- Jerry
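
One way a sender can enforce the non-repetition requirement quoted above, as an added example that is not part of the original message or of the RFC. The class name, the 12-byte nonce layout (4-byte sender id followed by an 8-byte counter), the JSON state file and the reservation size are all assumptions made for illustration.

```python
import json, os, tempfile

class NonceExhausted(Exception):
    pass

class NonceSequence:
    """Hands out 12-byte nonces for ONE key: 4-byte sender id || 8-byte counter.

    The counter's high-water mark is written to disk *before* any nonce in
    that range is released, so a crash or restart skips ahead, never back.
    """
    RESERVE = 1000          # counters reserved per disk write (assumed value)
    MAX = 2**64 - 1         # top of the 8-byte counter space

    def __init__(self, state_path, sender_id):
        if not 0 <= sender_id < 2**32:
            raise ValueError("sender_id must fit in 4 bytes")
        self.path, self.sender_id = state_path, sender_id
        self.next = self._load()      # first counter never promised to anyone
        self.limit = self.next        # nothing reserved yet in this process

    def _load(self):
        try:
            with open(self.path) as f:
                return json.load(f)["reserved_up_to"]
        except FileNotFoundError:
            return 0                  # fresh key: start at zero

    def _reserve(self):
        new_limit = min(self.limit + self.RESERVE, self.MAX)
        if new_limit == self.limit:
            raise NonceExhausted("counter space used up: rotate the key")
        # Write to a temp file, fsync, then rename, so a torn write
        # cannot roll the high-water mark backwards.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump({"reserved_up_to": new_limit}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)
        self.limit = new_limit

    def next_nonce(self):
        if self.next >= self.limit:
            self._reserve()
        n = self.sender_id.to_bytes(4, "big") + self.next.to_bytes(8, "big")
        self.next += 1
        return n
```

Each key needs its own state file, and two processes sharing a key need distinct sender ids; restoring the state file from a backup or VM snapshot reintroduces the reuse this guards against.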


