Ray Dillinger <bear at sonic.net> writes: >I don't think NaCl as it is today is vulnerable Unless it's changed recently, the NaCL API assumes the nonce is user-supplied, which means it's completely vulnerable. It's RC4 as used in the 1990s all over again. Peter.