[Cryptography] Non-deterministic PRF as a MAC-and-Nonce for AEAD?

Phillip Hallam-Baker phill at hallambaker.com
Tue Jul 3 21:59:44 EDT 2018


On Mon, Jul 2, 2018 at 12:09 PM, Jason Cooper <cryptography at lakedaemon.net>
wrote:

>
> Well, sure.  But that's a protocol design decision.  Do you really want
> the developer who needs to have their hand held regarding nonce
> generation to be designing cryptographic protocols?
>

Everyone needs their hand held. Everyone.

I have seen enough screw-ups to know that crypto is something best done as
a team exercise.

To the original point, back in the 1990s it was OK to just design a
protocol that was secure when implemented properly. That is no longer the
case, and we demand protocols that break gracefully.