Demo of AES GCM Misuse Problems


What Price common sense? June 14, 2024 11:16 AM

@ALL

So you now know that the “nonce” has to be “unique”, that is, a “number used only once”.

Easy to say but how do you do it?

Obviously you cannot just use a counter, because that would make all past and future nonces “obvious” to an attacker.

Oh, and whilst you could just randomly select a nonce, you would need a large database to store every one you use to ensure you don’t reuse it.

So you get caught between the “devil” of determinism and the “deep blue sea” of a bottomless database.

The solution is go with the devil but be smart about it.

In theory you can use a counter and encrypt it and use that. But then… So some argue you have to double or multiply encrypt…

But do you need to use a simple counter?

No, you can use a “Linear Feedback Shift Register” (LFSR) or a variation thereon, such as a Mitchell-Moore generator.

The point is it’s a very long discussion, and the subtle weaknesses of some techniques are mostly unknown to most people.

Hence the advice,

“Never roll your own crypto!”.

But just remember, even cryptographers do not know it all; the best they can usually do is know all that is “publicly known”.

The saying

“Another day another dollar”

Could equally well be rephrased as

“Another day another new way”

To make a crypto or other information system attack.

And to quote the song

“And we’ll have fun fun fun,
Till daddy takes the T-Bird away

And since he took your set of keys
You’ve been thinking that your fun is all through now

But you can come along with me
‘Cause we gotta a lot of things to do now”
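The comment above contrasts a plain counter, a random nonce with a database of everything used so far, and a "smart" deterministic construction. The example below is added here to show what the deterministic option looks like in practice; it is not code from the commenter or from the Schneier blog. It builds 96-bit GCM nonces as a 32-bit fixed field (identifying one encryptor) followed by a 64-bit invocation counter, in the shape NIST SP 800-38D calls the deterministic construction, and it refuses to encrypt once the counter reaches its limit rather than wrapping around. It also carries through the birthday-bound arithmetic that makes the "bottomless database" problem concrete for random nonces. The key, the fixed-field value and the message limit are constructed demo values; the `NonceSource`, `Sealer` and `RandomNonceCollisionProb` names are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// ErrNonceExhausted is returned once the invocation counter reaches its limit.
// Continuing past this point would wrap the counter and reuse a nonce under
// the same key, so the safe behaviour is to refuse and force a key rotation.
var ErrNonceExhausted = errors.New("gcm: nonce counter exhausted, rotate key")

// NonceSource builds 96-bit GCM nonces deterministically: a 32-bit fixed field
// that identifies this encryptor, followed by a 64-bit invocation counter.
// Uniqueness comes from the counter; the fixed field keeps two encryptors
// that share a key from ever producing the same nonce.
type NonceSource struct {
	fixed   uint32
	counter uint64
	limit   uint64 // maximum number of nonces to hand out under one key
}

// NewNonceSource starts the counter at zero (assumed layout for this example).
func NewNonceSource(fixed uint32, limit uint64) *NonceSource {
	return &NonceSource{fixed: fixed, limit: limit}
}

// Next returns the next 12-byte nonce, or ErrNonceExhausted at the limit.
func (s *NonceSource) Next() ([]byte, error) {
	if s.counter >= s.limit {
		return nil, ErrNonceExhausted
	}
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[:4], s.fixed)
	binary.BigEndian.PutUint64(n[4:], s.counter)
	s.counter++
	return n, nil
}

// Sealer couples one AES-GCM key with one nonce source, so the caller
// never picks a nonce by hand.
type Sealer struct {
	aead   cipher.AEAD
	nonces *NonceSource
}

// NewSealer wraps an AES key (16, 24 or 32 bytes) in GCM with a fresh counter.
func NewSealer(key []byte, fixed uint32, limit uint64) (*Sealer, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Sealer{aead: aead, nonces: NewNonceSource(fixed, limit)}, nil
}

// Seal returns nonce || ciphertext || tag. The nonce travels in the clear:
// GCM needs it to be unique per key, not secret.
func (s *Sealer) Seal(plaintext, aad []byte) ([]byte, error) {
	nonce, err := s.nonces.Next()
	if err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Open splits the nonce off the front, then authenticates and decrypts the rest.
func (s *Sealer) Open(msg, aad []byte) ([]byte, error) {
	ns := s.aead.NonceSize()
	if len(msg) < ns {
		return nil, errors.New("gcm: message shorter than nonce")
	}
	return s.aead.Open(nil, msg[:ns], msg[ns:], aad)
}

// RandomNonceCollisionProb approximates the birthday-bound probability that n
// uniformly random 96-bit nonces contain at least one repeat: n^2 / 2^97.
// At n = 2^32 this is about 2^-33, which is why random nonces need either a
// record of every past nonce or a hard cap on messages per key.
func RandomNonceCollisionProb(n float64) float64 {
	return n * n / math.Pow(2, 97)
}

func main() {
	key := make([]byte, 32) // constructed demo key; production keys come from a KDF or key store
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	s, err := NewSealer(key, 0x00000001, 2) // fixed field 1, limit of two messages for the demo
	if err != nil {
		panic(err)
	}
	for i := 0; i < 3; i++ {
		msg, err := s.Seal([]byte("constructed plaintext"), []byte("constructed header"))
		if err != nil {
			fmt.Println("message", i, "refused:", err) // third call hits the limit
			continue
		}
		fmt.Printf("message %d nonce=%x\n", i, msg[:12])
	}
	fmt.Printf("collision probability for 2^32 random nonces: 2^%.0f\n",
		math.Log2(RandomNonceCollisionProb(math.Pow(2, 32))))
}
```

The limit of two messages in `main` is there only to show the refusal path; a real deployment would set it from the key's budget. The counter is deliberately not hidden or encrypted, since the property the cipher mode needs is that no (key, nonce) pair is ever used twice, and the fixed field plus a monotonic counter gives that without any database of past values.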
