[Cryptography] Shortening block cipher length...

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jul 20 14:08:56 EDT 2021


Patrick Chkoreff <pc at fexl.com> writes:

>I believe in the case of NaCl, "knowing what you're doing" is simply this:
>
>0. Do not reuse a nonce.

And that, along with telling people "don't write code that's vulnerable to
buffer overflows", "don't write code that facilitates SQLI and XSS", and "don't
write code that gets access control wrong" is all we need to do to ensure
things are completely secure.  QED.

>Does one have to be a genius to read 24 bytes from /dev/urandom?

To do that, you first have to know what a nonce is.  Then you have to know why
it's important.  Then you have to know how to use it and how not to use it.
Then you have to be able to design and implement something where an attacker
can't force nonce reuse in some way.  And finally you have to design and
implement everything 100% flawlessly and perfectly (see my previous comment
about the expert cryptographer and the 1-character typo).

Overall, it's about the same level of difficulty as avoiding buffer overflows
or SQLI.  Meaning that in real life people get it wrong over and over and
over; just look at the history of (mis)use of RC4 to see this.

Peter.
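Added example (not from the thread and not NaCl's own code), in Python, showing what rule 0 protects against and one sender-side mitigation for it. A toy HMAC-SHA256 counter-mode keystream stands in for XSalsa20 (an assumption of this example; secretbox's authentication tag is not modelled), and a NonceGuard draws a fresh 24-byte nonce per message and refuses any nonce already used under its key.

```python
import hashlib
import hmac
import os

NONCE_LEN = 24  # NaCl secretbox nonce length, the "24 bytes from /dev/urandom" in the thread


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR-style keystream: HMAC-SHA256(key, nonce || counter), a stand-in for XSalsa20.
    This is an assumption of the example, not the NaCl construction."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return xor(ciphertext, keystream(key, nonce, len(ciphertext)))


class NonceGuard:
    """Sender-side mitigation: a fresh random nonce per message, and any
    caller-supplied nonce already seen under this key is refused."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()  # nonces used under self.key (a per-key record, not the cipher's own state)

    def encrypt(self, plaintext: bytes, nonce=None):
        if nonce is None:
            nonce = os.urandom(NONCE_LEN)
        if len(nonce) != NONCE_LEN:
            raise ValueError("nonce must be %d bytes" % NONCE_LEN)
        if nonce in self.seen:
            raise ValueError("nonce reuse under this key refused")
        self.seen.add(nonce)
        return nonce, xor(plaintext, keystream(self.key, nonce, len(plaintext)))


def nonce_reuse_leaks(key: bytes, pt1: bytes, pt2: bytes, reuse: bool) -> bool:
    """Property check behind rule 0: with the nonce reused, XORing the two ciphertexts
    equals pt1 XOR pt2 with no key involved; with fresh nonces it does not."""
    n1 = os.urandom(NONCE_LEN)
    n2 = n1 if reuse else os.urandom(NONCE_LEN)
    ct1 = xor(pt1, keystream(key, n1, len(pt1)))
    ct2 = xor(pt2, keystream(key, n2, len(pt2)))
    return xor(ct1, ct2) == xor(pt1, pt2)
```

The guard only catches reuse the sender itself can see; the thread's harder point, an attacker forcing reuse through the surrounding design, is not something a per-key set can detect.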


