[Cryptography] Severe flaw in all generality : key or nonce reuse

Tony Arcieri bascule at gmail.com
Fri Oct 20 21:15:15 EDT 2017

On Fri, Oct 20, 2017 at 2:20 PM, Ray Dillinger <bear at sonic.net> wrote:

> How about - and this may be a radical notion here - but how about NOT A

I'll note that AES(-CMAC)-SIV and AES-PMAC-SIV both use a stream cipher for
encryption (AES-CTR), but are not susceptible to nonce reuse
vulnerabilities because they're MRAE constructions.

The reality is a bit more nuanced than "NOT A STREAM CIPHER"

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171020/947c14f8/attachment.html>

More information about the cryptography mailing list