[Cryptography] Shortening block cipher length...
Patrick Chkoreff
pc at fexl.com
Tue Jul 20 08:45:14 EDT 2021
Peter Gutmann wrote on 7/20/21 1:10 AM:
>> I wonder if DJB's philosophy regarding your points there is simply:
>
> ... "when I use this, I know what I'm doing".
I believe in the case of NaCl, "knowing what you're doing" is simply this:
0. Do not reuse a nonce.
1. Do not reuse a nonce.
> Unfortunately everyone else isn't DJB, and frequently gets it wrong. To
> paraphrase an old paper on formal methods "stream ciphers are perfectly safe
> when implemented and applied by geniuses. Unfortunately, geniuses are in
> short supply".
Does one have to be a genius to read 24 bytes from /dev/urandom?
On the other hand, maybe you'd say one would have to be an idiot to read
24 bytes from /dev/urandom. Or more mildly: one should never use any
cipher that requires a random nonce whose reuse will compromise
security, not even one designed by DJB.
-- Patrick
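As an added illustration (not part of Patrick's or Peter's mail, and not NaCl's own code), the toy stream cipher below uses an HMAC-SHA256 keystream as a stand-in for XSalsa20, takes its 24-byte nonce from the OS CSPRNG via os.urandom (which reads /dev/urandom on Linux), and shows the failure mode the thread is arguing about: reuse a nonce and the XOR of two ciphertexts equals the XOR of the two plaintexts, because the keystream cancels. A duplicate-nonce scan over recorded nonces gives a defender a concrete check.

```python
"""Why secretbox-style ciphers insist on a fresh 24-byte nonce (added example)."""
import hashlib
import hmac
import os

NONCE_BYTES = 24  # NaCl secretbox nonce length: the "24 bytes from /dev/urandom"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC(key, nonce || counter) blocks. Stand-in for XSalsa20, NOT NaCl."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def random_nonce() -> bytes:
    """Fresh nonce from the OS CSPRNG; collision odds for 192-bit values are negligible."""
    return os.urandom(NONCE_BYTES)


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: plaintext XOR keystream. Decryption is the same call."""
    if len(nonce) != NONCE_BYTES:
        raise ValueError("nonce must be exactly 24 bytes")
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def nonce_reuse_leaks(key: bytes, p1: bytes, p2: bytes) -> bool:
    """True when one nonce used twice makes c1 XOR c2 == p1 XOR p2 (keystream cancels)."""
    nonce = random_nonce()
    c1, c2 = encrypt(key, nonce, p1), encrypt(key, nonce, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def fresh_nonces_hide_relation(key: bytes, p1: bytes, p2: bytes) -> bool:
    """With independent nonces the two keystreams differ, so the plaintext XOR is not exposed."""
    c1, c2 = encrypt(key, random_nonce(), p1), encrypt(key, random_nonce(), p2)
    return xor_bytes(c1, c2) != xor_bytes(p1, p2)


def find_reused_nonces(nonces: list) -> list:
    """Defender's check: return each nonce that appears more than once, in first-seen order."""
    seen, reused = set(), []
    for n in nonces:
        if n in seen and n not in reused:
            reused.append(n)
        seen.add(n)
    return reused
```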