[Cryptography] Severe flaw in all generality : key or nonce reuse
Tony Arcieri
bascule at gmail.com
Fri Oct 20 21:15:15 EDT 2017
On Fri, Oct 20, 2017 at 2:20 PM, Ray Dillinger <bear at sonic.net> wrote:
> How about - and this may be a radical notion here - but how about NOT A
> STREAM CIPHER?
>
I'll note that AES(-CMAC)-SIV and AES-PMAC-SIV both use a stream cipher for
encryption (AES-CTR), but are not susceptible to nonce reuse
vulnerabilities because they're MRAE constructions.
The reality is a bit more nuanced than "NOT A STREAM CIPHER".
--
Tony Arcieri
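As an added illustration of the point above (example code written for this page, not code from the post or from any AES-SIV library): plain AES-CTR under a reused IV versus an SIV-style construction that derives the CTR IV from the nonce and the plaintext, so a second message under the same nonce gets a different keystream. It assumes HMAC-SHA256 in place of the CMAC-based S2V of RFC 5297 (a deliberate simplification; this is not AES-SIV) and uses constructed sample keys and messages.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
)

// ctrEncrypt is plain AES-CTR: the keystream depends only on key and IV,
// so reusing an IV under one key reuses the whole keystream.
func ctrEncrypt(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out
}

// syntheticIV derives the CTR IV from the nonce AND the plaintext (assumption:
// HMAC-SHA256 stands in for RFC 5297's CMAC-based S2V; only the structure matters).
func syntheticIV(macKey, nonce, plaintext []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	h.Write(nonce)
	h.Write(plaintext)
	return h.Sum(nil)[:aes.BlockSize]
}

// sivEncrypt returns IV || AES-CTR(encKey, IV, plaintext); the IV doubles as the
// tag, and a different plaintext under the same nonce yields a different IV.
func sivEncrypt(macKey, encKey, nonce, plaintext []byte) []byte {
	iv := syntheticIV(macKey, nonce, plaintext)
	return append(iv, ctrEncrypt(encKey, iv, plaintext)...)
}

// ctrLeaksUnderNonceReuse reports whether c1 XOR c2 == p1 XOR p2 for two
// equal-length plaintexts under one key and IV: the classic two-time-pad leak.
func ctrLeaksUnderNonceReuse(key, iv, p1, p2 []byte) bool {
	c1, c2 := ctrEncrypt(key, iv, p1), ctrEncrypt(key, iv, p2)
	for i := range p1 {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}
```

The check a reviewer wants is that the first function returns true (CTR alone leaks the XOR of the plaintexts) while two sivEncrypt outputs under the same nonce start with different IVs.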