Re: Randomness of nonce in counter mode.

---

• From: daw@xxxxxxxxxxxxxxxxxxxxxxxx (David Wagner)
• Date: Mon, 27 Oct 2008 23:49:03 +0000 (UTC)

---

Fabrice wrote:

But, if the Key used is a random session key, does having a random
nonce brings anything compared to a non-random nonce ? [for counter mode]

The crucial requirement is that nonces must not repeat. As long
as that is assured, how exactly you achieve it -- whether with a
random nonce, or a non-random non-repeating nonce -- is not so
important.

http://www.cs.berkeley.edu/~daw/papers/ctr-aes00.ps
.

---

• References:
  • Randomness of nonce in counter mode.
    • From: Fabrice

• Prev by Date: Randomness of nonce in counter mode.
• Next by Date: Re: What is a (sci.crypt expert) ?
• Previous by thread: Randomness of nonce in counter mode.
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Any comments against Helix? ... > chosen plaintexts assuming you can repeat the nonce. ... apparently they claimed that attacks repeating the ... > nonce do not count. ... generated and sent by the originator, ... (sci.crypt) Re: Pre-encrypt IV in CBC mode ... plain text, is that secure? ... Should be fine, as far as I know, as long as IVs never repeat. ... is a "nonce"; any scheme that works with a nonce should suffice for your ... (sci.crypt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2008-10