[Cryptography] Crypto best practices
James A. Donald
jamesd at echeque.com
Tue Mar 21 23:28:16 EDT 2017
On 2017-03-21 19:30, Kristian Gjøsteen wrote:
> Note that misuse-resistant means that in the event of IV reuse,
> all you reveal is whether two plaintexts are equal.
I think the solution here is that when your algorithm says "never reuse
an IV", you never reuse an IV.
"Misuse resistant" is just too hard, and too complicated, which
increases the likelihood of misuse.
Every encrypted message needs a secret key, a unique IV at the
beginning, and an integrity check at the end.
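The two designs under discussion side by side, as an added stdlib-only example that is not from this thread: a random-IV encrypt-then-MAC sealer that refuses to ever reuse an IV under a key, and a SIV-style variant in which the IV is a PRF of the plaintext, so IV reuse can reveal only plaintext equality. It assumes HMAC-SHA256 in counter mode as a stand-in stream cipher; a real deployment would use a vetted AEAD instead.

```python
import hmac, hashlib, secrets

def derive_keys(key):
    # Independent subkeys for encryption and authentication (toy KDF via HMAC).
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def keystream(enc_key, iv, n):
    # HMAC-SHA256 in counter mode as a PRF-based stream cipher: the same (key, iv)
    # always yields the same keystream, which is exactly why an IV must never repeat.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Sealer:
    """Random-IV encrypt-then-MAC; wire format is IV || ciphertext || tag."""
    def __init__(self, key):
        self.enc_key, self.mac_key = derive_keys(key)
        self.used_ivs = set()  # refuse to ever reuse an IV under this key

    def seal(self, plaintext, iv=None):
        iv = secrets.token_bytes(16) if iv is None else iv
        if iv in self.used_ivs:
            raise ValueError("IV reuse refused")
        self.used_ivs.add(iv)
        ct = xor(plaintext, keystream(self.enc_key, iv, len(plaintext)))
        return iv + ct + hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest()

    def unseal(self, msg):
        iv, ct, tag = msg[:16], msg[16:-32], msg[-32:]
        expect = hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):  # constant-time integrity check
            raise ValueError("integrity check failed")
        return xor(ct, keystream(self.enc_key, iv, len(ct)))

def seal_siv(key, plaintext):
    # Misuse-resistant (SIV-style): the IV is a PRF of the plaintext and doubles as
    # the tag, so a repeated plaintext yields a repeated output; equality is all that leaks.
    enc_key, mac_key = derive_keys(key)
    siv = hmac.new(mac_key, plaintext, hashlib.sha256).digest()[:16]
    return siv + xor(plaintext, keystream(enc_key, siv, len(plaintext)))

def unseal_siv(key, msg):
    enc_key, mac_key = derive_keys(key)
    siv, ct = msg[:16], msg[16:]
    pt = xor(ct, keystream(enc_key, siv, len(ct)))
    if not hmac.compare_digest(siv, hmac.new(mac_key, pt, hashlib.sha256).digest()[:16]):
        raise ValueError("integrity check failed")
    return pt
```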