[Cryptography] One-time pads in modern crypto software?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sat Feb 20 09:16:25 EST 2021
Kristian Gjøsteen <kristian.gjosteen at ntnu.no> writes:
>The attacks on GCM-AES and similar constructions that we have seen discussed
>here lately, almost always reduce to either key management or nonce
>management.
And that would be one reason why you don't want to use TLS with an OTP. We
can't even get working with 128-256 bits of key + nonce right, how are we
going to deal with OTPs which are nothing but key?
Peter.