Re: [Cryptography] Shortening block cipher length...

> >I don't think NaCl as it is today is vulnerable
> Unless it's changed recently, the NaCl API assumes the nonce is user-supplied,
> which means it's completely vulnerable.  It's RC4 as used in the 1990s all
> over again.

RC4 has additional problems with it, such as statistical biases in the output,
even when used 'correctly'; see _A Practical Attack on Broadcast RC4_ by
Mantin and Shamir:


Best wishes,

Adam P. Goucher
