[Cryptography] Shortening block cipher length...
Adam P. Goucher
apgoucher at gmx.com
Wed Jul 21 03:42:36 EDT 2021
> >I don't think NaCl as it is today is vulnerable
>
> Unless it's changed recently, the NaCL API assumes the nonce is user-supplied,
> which means it's completely vulnerable. It's RC4 as used in the 1990s all
> over again.
RC4 has additional problems with it, such as statistical biases in the output,
even when used 'correctly'; see _A Practical Attack on Broadcast RC4_ by
Mantin and Shamir:
https://link.springer.com/content/pdf/10.1007%2F3-540-45473-X_13.pdf

Best wishes,
Adam P. Goucher
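The Mantin-Shamir observation referred to above (the second RC4 keystream byte is 0x00 about twice as often as it should be, for random keys and no byte dropping) is easy to confirm empirically. The following is an added illustration, not code from the post or its author: a textbook RC4 implementation plus a small experiment that counts how often each of the first few keystream bytes is zero across many random keys. The 16-byte key length, the number of trial keys and the seeded RNG are assumptions chosen here so the run is reproducible.

```python
import random


def rc4_ksa(key: bytes) -> list:
    """RC4 key-scheduling algorithm: permute 0..255 under the key."""
    s = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + s[i] + key[i % klen]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n keystream bytes from the RC4 PRGA.

    No initial bytes are discarded, which is how RC4 was used in the 1990s
    and is exactly the setting the broadcast attack targets.
    """
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def zero_rate_by_position(num_keys: int, n_bytes: int = 4,
                          key_len: int = 16, seed: int = 1) -> list:
    """Fraction of random keys for which keystream byte r is 0x00, r = 0..n_bytes-1.

    A uniform keystream would give about 1/256 (~0.0039) at every position;
    Mantin-Shamir predicts about 2/256 (~0.0078) at position 1 (the second byte).
    The RNG is seeded only to make the experiment reproducible (assumption).
    """
    rng = random.Random(seed)
    zeros = [0] * n_bytes
    for _ in range(num_keys):
        key = bytes(rng.getrandbits(8) for _ in range(key_len))  # constructed key
        ks = rc4_keystream(key, n_bytes)
        for r in range(n_bytes):
            if ks[r] == 0:
                zeros[r] += 1
    return [z / num_keys for z in zeros]


if __name__ == "__main__":
    rates = zero_rate_by_position(30000)
    for r, rate in enumerate(rates):
        print(f"P(Z{r + 1} = 0) ~ {rate:.4f} ({rate * 256:.2f}/256)")
```

Running it prints a rate near 2/256 for Z2 and near 1/256 for the other positions. Any protocol that encrypts many messages under fresh keys and places a fixed plaintext byte in position two leaks that byte through this bias, which is why "used correctly" is not a defence for RC4 and why it has been removed from TLS and WPA.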