Re: generating a nonce



I guess the real answer depends on what you want to use
the nonce for, but assuming that you want the full security
of a nonce that is unpredictable in advance, this won't do it.
The problem is that the bad guy can predict the inputs to the
VB RNG, then run the predicted outputs through the (presumed known)
secure RNG. Even though you might have a long nonce, it still has a very
small entropy.

the nonce is concatenated to the passphrase for the encryption sequence.
without the nonce the ciphertext will not decrypt properly.


.



Relevant Pages

  • Re: DES 10 Byte MAC
    ... Some additional security info: ... where nj is the nonce for message mj. ... Here "perfect security" means the attacker can't do better than guess ... this gives probability of 1 in 5.630.063 of getting a collision. ...
    (sci.crypt)
  • Re: encryption using a block cipher // ? size limit of plaintext
    ... The attacker finds two ciphertext blocks C_and C_that are the same. ... two plaintext blocks whose ciphertext matches. ... encrypt one file with a key you will only need to use one nonce, ...
    (sci.crypt)
  • Effect of non random nonce in AES counter mode.
    ... In AES counter mode, the input of the AES cipher is usually something ... I understand that the purpose of the random nonce is that someone ... if you have known plaintext and ciphertext, ... in particular if a new random session key is used everytime the ...
    (sci.crypt)
  • Re: Encryption algorithm (fully described) comments requested
    ... hashing the master key with a nonce and supplying that as the ARC4 ... Then somehow store the nonce with the ciphertext. ... For decryption, ...
    (sci.crypt)