[Cryptography] Severe flaw in all generality : key or nonce reuse
John Denker
jsd at av8n.com
Wed Oct 18 15:45:47 EDT 2017
On 10/17/2017 10:39 PM, Peter Gutmann wrote:
> RC4 is a stream cipher for which key/nonce reuse results in a catastrophic
> failure of the cryptosystem.
>
> GCM is a stream cipher for which key/nonce reuse results in a catastrophic
> failure of the cryptosystem.
I hate to ask silly questions, but is there any cryptosystem or any
mode whatsoever where key/nonce reuse is acceptable?
It seems to me that chaining modes depend on the randomness of the
plaintext. Unless you can reliably establish a hefty lower bound
on the amount of such randomness -- which seems hard to do since the
plaintext is not known in advance -- using it as a substitute for
a random key/nonce seems exceedingly unsafe.
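A concrete illustration of the two points raised above (keystream cancellation under nonce reuse in a stream-style mode, and a chaining mode's dependence on the plaintext when the IV is reused), written as an added example for this archive page rather than as code from either poster. It uses Go's standard-library AES-GCM and AES-CBC; the key, nonces, IVs and messages are constructed sample values chosen so the effects are deterministic, and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// XORBytes returns a XOR b over their common prefix length.
func XORBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// GCMEncrypt returns AES-GCM ciphertext followed by the 16-byte tag.
// The ciphertext body is plaintext XOR a keystream derived from (key, nonce).
func GCMEncrypt(key, nonce, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead.Seal(nil, nonce, pt, nil)
}

// GCMNonceReuseLeaks reports whether encrypting p1 under n1 and p2 under n2
// (same key) yields ciphertext bodies whose XOR equals p1 XOR p2, i.e. whether
// the keystream cancelled. That is exactly what happens when n1 == n2.
func GCMNonceReuseLeaks(key, n1, n2, p1, p2 []byte) bool {
	c1 := GCMEncrypt(key, n1, p1)
	c2 := GCMEncrypt(key, n2, p2)
	n := len(p1)
	if len(p2) < n {
		n = len(p2)
	}
	// Strip the tags; only the encrypted bodies are compared.
	return bytes.Equal(XORBytes(c1[:n], c2[:n]), XORBytes(p1, p2))
}

// CBCEncrypt encrypts a whole number of 16-byte blocks with AES-CBC.
func CBCEncrypt(key, iv, pt []byte) []byte {
	if len(pt)%aes.BlockSize != 0 {
		panic("CBCEncrypt: plaintext must be a multiple of the block size")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return ct
}

// CBCFirstBlockMatches reports whether the first ciphertext blocks of p1 (under
// iv1) and p2 (under iv2) coincide. With a reused IV this reveals whether the
// two messages share their first block: the mode's secrecy for that block rests
// on the plaintext being unpredictable, which is the dependence the post describes.
func CBCFirstBlockMatches(key, iv1, iv2, p1, p2 []byte) bool {
	c1 := CBCEncrypt(key, iv1, p1)
	c2 := CBCEncrypt(key, iv2, p2)
	return bytes.Equal(c1[:aes.BlockSize], c2[:aes.BlockSize])
}

func main() {
	// Constructed sample values: a fixed key and nonces are used here only to
	// make the demonstration reproducible.
	key := []byte("0123456789abcdef") // 16-byte AES-128 key (constructed)
	n1 := []byte("nonce-000001")      // 12-byte GCM nonce (constructed)
	n2 := []byte("nonce-000002")
	iv1 := []byte("iv-constructed01") // 16-byte CBC IV (constructed)
	iv2 := []byte("iv-constructed02")
	// Two 32-byte messages sharing an identical first 16-byte block.
	p1 := []byte("2017-10-18 09:00 meeting moved  ")
	p2 := []byte("2017-10-18 09:00 invoice overdue")

	fmt.Println("GCM, nonce reused:   c1^c2 == p1^p2 ?", GCMNonceReuseLeaks(key, n1, n1, p1, p2))
	fmt.Println("GCM, nonces distinct: c1^c2 == p1^p2 ?", GCMNonceReuseLeaks(key, n1, n2, p1, p2))
	fmt.Println("CBC, IV reused:   first blocks equal ?", CBCFirstBlockMatches(key, iv1, iv1, p1, p2))
	fmt.Println("CBC, IVs distinct: first blocks equal ?", CBCFirstBlockMatches(key, iv1, iv2, p1, p2))
}
```

The GCM case shows the stream-cipher failure directly: with one nonce used twice, the keystream cancels and an observer of the two ciphertexts learns the XOR of the plaintexts without the key. The CBC case shows the weaker but still real dependence on the plaintext: with a reused IV, equal leading blocks produce equal leading ciphertext blocks, so confidentiality of that block rests on the message being unpredictable, which is the lower bound on plaintext randomness the post says is hard to establish in advance. In both modes the distinct-nonce and distinct-IV runs remove the relation, which is why deployments should guarantee uniqueness (a per-key counter or a sufficiently large random nonce) rather than rely on the data.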