
Re: [Cryptography] Shortening block cipher length...



> >I don't think NaCl as it is today is vulnerable
>
> Unless it's changed recently, the NaCl API assumes the nonce is user-supplied,
> which means it's completely vulnerable.  It's RC4 as used in the 1990s all
> over again.

RC4 has additional problems with it, such as statistical biases in the output,
even when used 'correctly'; see _A Practical Attack on Broadcast RC4_ by
Mantin and Shamir:

https://link.springer.com/content/pdf/10.1007%2F3-540-45473-X_13.pdf



Best wishes,


Adam P. Goucher
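As an added illustration of the Mantin-Shamir broadcast bias cited above (example code written for this page, not part of the original post or of any library): a textbook RC4 implementation plus a measurement of how often the second keystream byte is zero across random keys. The key count, key length and PRNG seed are arbitrary choices made here for reproducibility.

```python
import random


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (textbook KSA + PRGA)."""
    # Key-scheduling algorithm (KSA)
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA)
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def second_byte_zero_rate(num_keys: int = 20000, seed: int = 1) -> tuple:
    """Measure Pr[Z2 == 0], the chance that the second keystream byte is 0x00.

    Mantin and Shamir showed this is about 2/256 rather than the uniform 1/256.
    In a broadcast setting (same plaintext, many keys) that bias leaks the
    second plaintext byte: it is simply the most frequent second ciphertext byte.
    Keys are drawn from a seeded PRNG (constructed input) so the run is repeatable.
    Returns (observed_rate, uniform_rate).
    """
    rng = random.Random(seed)
    zeros = 0
    for _ in range(num_keys):
        key = rng.randbytes(16)
        if rc4_keystream(key, 2)[1] == 0:
            zeros += 1
    return zeros / num_keys, 1 / 256


if __name__ == "__main__":
    observed, uniform = second_byte_zero_rate()
    print(f"Pr[Z2 == 0]: observed {observed:.5f}, uniform would be {uniform:.5f}")
```

The observed rate lands near 0.0078, roughly double the 0.0039 expected from an unbiased keystream, which is exactly the signal the broadcast attack exploits and the reason RC4 output should never be treated as uniform, even with fresh keys.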
_______________________________________________
The cryptography mailing list
cryptography AT metzdowd.com
https://www.metzdowd.com/mailman/listinfo/cryptography