Path: ...!news.misty.com!weretis.net!feeder9.news.weretis.net!i2pn.org!i2pn2.org!.POSTED!not-for-mail
From: Stefan Claas <pollux@tilde.club>
Newsgroups: sci.crypt
Subject: Re: fun with nonces
Date: Fri, 5 Jul 2024 20:17:46 -0000
Organization: ℭ𝔥𝔦𝔣𝔣𝔯𝔢𝔭𝔲𝔫𝔨𝔰
Message-ID: <c671d9278a8c412de3eceb867e565862f87d34da@i2pn2.org>
References: <324bb1a7476b82ad04e91b41ab885894d25358e3@i2pn2.org> <v67rss$34v76$1@dont-email.me> <1e2177bc9762cbdbd5898f77326a7d96d233b60b@i2pn2.org> <v695fh$3bim4$1@dont-email.me> <50be77cbbdee3fcf1ab27e15586ede96bbf2e710@i2pn2.org> <v69iea$3djqs$1@dont-email.me>
MIME-Version: 1.0
Injection-Date: Fri, 5 Jul 2024 20:18:07 -0000 (UTC)
Injection-Info: i2pn2.org; logging-data="2276699"; mail-complaints-to="usenet@i2pn2.org"; posting-account="ieSrCjSDShpZNyqIW52mlwIkg76Hsp+TOOO6KTdfCN8";
User-Agent: flnews/1.3.0pre4 (for GNU/Linux)
X-Ed25519-Pub: 43e6681c5cf3cdc2f9ccf975f8a01b18c5e84bf0ba00605faba9cc0f8757a117
X-Spam-Checker-Version: SpamAssassin 4.0.0
X-Finger: tilde.club/~pollux/
X-Date: It's Fri 11266 Sep 1993 10:17:46 PM CEST, the September that never ends
X-Ed25519-Sig: e7c8bf41cfc2ba53433fdf36cb18d0c926ab2605abdcd109625a37eaa494b892 0dd1d38070beec61ccc1638a331e59f2a0903e53f8145b53a7068c1a6dad740b
Bytes: 4357
Lines: 63

Rich wrote:
> Stefan Claas <pollux@tilde.club> wrote:
> > Rich wrote:
> > > Stefan Claas <pollux@tilde.club> wrote:
> > > > Rich wrote:
> > > > > Stefan Claas <pollux@tilde.club> wrote:
> > > > > > He does not need to send Alice the nonces, once he
> > > > > > arrived, because they both have a shared secret.
> > > > > > Alice and Bob can generate them by themselves, no
> > > > > > matter what timezone they are in and the nonces will
> > > > > > be random and can be re-generated with the same values
> > > > >
> > > > > They cannot be simultaneously "random" and be capable of being
> > > > > "re-generated with the same values".
> > > > >
> > > > > At best, they are pseudo-random. And, looking over the code, indeed,
> > > > > they are generated from a pseudo-random generator, Go's 'rand'.
> > > >
> > > > It now uses xorshift128+ instead of math.rand, to have a 128-bit
> > > > seed instead of 64-bit.
> > >
> > > And it is still pseudo-random.
> >
> > And that is perfectly fine, unless of course someone here would show
> > me a better solution for using nonces without transmitting them.
>
> There is really no need for "shared secret nonces" given standard
> encryption modes. The 'nonce' (meaning: "used once" [1]) is present to
> randomize a given use of a mode [2] under the same key and plaintext as
> a prior use of the same mode/plaintext [3] under the same key. The only
> 'security' required of the nonce is that Eve not be able to predict any
> given nonce in advance, which is why they are preferably derived from
> true random sources or created by cryptographically secure random number
> generation algorithms (with a good true randomness seed). But the
> security of the encrypted data does not depend upon the actual nonce
> being secret to Eve. This is why they are transmitted in the clear at
> the start of modes that use a nonce.

I have read quite a bit about nonce usage and agree, but they can also
be pseudo-random.

> But going to great length to generate "secret" nonces for use by Bob
> and Alice is unnecessary.

Well, known crypto algos don't have to do that, correct! But I like to
use this scheme with Google's Adiantum Encryption, which allows this.

I like Adiantum very much because it is Format Preserving Encryption,
which can be used, besides disk encryption on mobile devices, also for
SMS encryption with feature phones, which is pretty cool and more secure
IMHO than using a smartphone with crypto messengers etc.

> You appear to be beginning to climb down the same rabbit hole that
> Chris quite deeply entered when he was so overly concerned about the
> IV/Nonce being in the clear as part of the protocol that Eve got to
> examine some years back.

No, see above, and instead of sending them in advance, why not generate
them on the fly for each day and then use them, without sending, along
with a 256-bit key.

--
Regards
Stefan
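The two points argued in this post, that Alice and Bob can each derive the same nonce locally from a shared secret so that nothing has to be transmitted, and that the only property a nonce must have is to be used once under a given key, as an added example in Go. This is not code from the thread or from Stefan's tool: the HMAC-SHA256 derivation, the AES-256-CTR mode, the "key"/"nonce" labels, the date string and the constructed shared secret are all this example's assumptions. The per-day counter is the caveat a practitioner would add to "one nonce per day": two messages on the same day under the same derived nonce reuse the keystream, and ReuseLeak shows what Eve then reads off the ciphertexts alone.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// derive runs HMAC-SHA256 over the shared secret with a label and context.
// It is used both for the 256-bit key and for the per-message nonce.
// (HMAC as the derivation function is this example's assumption.)
func derive(secret []byte, label string, context []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(label))
	mac.Write([]byte{0}) // separator so label and context cannot run together
	mac.Write(context)
	return mac.Sum(nil)
}

// DeriveKey returns the 256-bit AES key both sides compute from the secret.
func DeriveKey(secret []byte) []byte {
	return derive(secret, "key", nil)
}

// DeriveNonce returns the 16-byte AES-CTR nonce for a given day and a
// per-day message counter. Alice and Bob compute the same value locally,
// so the nonce is never transmitted. The counter is what keeps the value
// "used once" when more than one message is sent on the same day.
func DeriveNonce(secret []byte, day string, counter uint32) []byte {
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	return derive(secret, "nonce", append([]byte(day+"|"), ctr[:]...))[:aes.BlockSize]
}

// CTR applies AES-256-CTR with the given nonce; the same call encrypts and decrypts.
func CTR(key, nonce, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, nonce).XORKeyStream(out, in)
	return out
}

// xorBytes returns a XOR b, truncated to the shorter input.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// ReuseLeak shows what Eve learns when two messages share key and nonce:
// ct1 XOR ct2 equals pt1 XOR pt2, without any knowledge of the secret.
// It returns the value Eve computes and the plaintext XOR it matches.
func ReuseLeak(key, nonce, pt1, pt2 []byte) (eveSees, ptXor []byte) {
	return xorBytes(CTR(key, nonce, pt1), CTR(key, nonce, pt2)), xorBytes(pt1, pt2)
}

func main() {
	secret := bytes.Repeat([]byte{0x42}, 32) // constructed shared secret
	key := DeriveKey(secret)
	day := "2024-07-05"

	// Alice encrypts message #0 of the day; Bob derives the same nonce himself.
	pt := []byte("meet at the usual place at 10:17")
	ct := CTR(key, DeriveNonce(secret, day, 0), pt)
	fmt.Printf("Bob decrypts: %q\n", CTR(key, DeriveNonce(secret, day, 0), ct))

	// A different counter gives a different nonce, so the same plaintext
	// encrypts differently, which is the whole job of the nonce.
	ct1 := CTR(key, DeriveNonce(secret, day, 1), pt)
	fmt.Println("same plaintext, new nonce, ciphertexts differ:", !bytes.Equal(ct, ct1))

	// If the per-day nonce were reused for a second message, Eve gets pt1 XOR pt2.
	pt2 := []byte("meet at the usual place at 11:30")
	eve, want := ReuseLeak(key, DeriveNonce(secret, day, 0), pt, pt2)
	fmt.Println("nonce reused: Eve's ct1^ct2 == pt1^pt2:", bytes.Equal(eve, want))
}
```

Nothing in DeriveNonce needs to stay secret for the mode to be secure; the derivation only has to give Alice and Bob the same value and never hand the same value to two messages under one key. The real question for a scheme like this is how the two sides keep the counter in sync when an SMS is lost, which the example does not address.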