cperciva on Oct 8, 2013 | on: Piercing Through WhatsApp’s Encryption
CTR mode doesn't have IVs. It has a counter: Start at zero and count upwards.
X-Istence on Oct 8, 2013
Depending on if the key may be reused, having a non-zero nonce may be a good idea too...
---
And I just realised who I am replying to, of course you know this.
cperciva on Oct 8, 2013
I was being a bit facetious in discriminating between "IV" and "nonce"... they're almost two sides of the same coin.
stavros on Oct 8, 2013
And don't overflow.
cperciva on Oct 8, 2013
If you need to send more than 2^68 bytes of data, you've got bigger problems than your crypto breaking.
stavros on Oct 8, 2013
You're assuming a correct implementation with a 64-bit counter, though.
cperciva on Oct 8, 2013
Yes. I'm also assuming people have correct implementations of AES.
tptacek on Oct 9, 2013
I have never exploited an incorrect implementation of an AES core in a real application, but have exploited "broken" counters.
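An added illustration of the counter discussion in this thread (not code from any commenter or from the linked article): it shows where the 2^68-byte figure comes from for a 64-bit block counter, and how a too-narrow counter that wraps silently hands out a keystream block it has already used, next to a guard that refuses to wrap. Assumptions: the counter block is an 8-byte nonce followed by a big-endian counter, HMAC-SHA256 truncated to 16 bytes stands in for the AES block function, and the names `prf_block`, `max_bytes`, `keystream_block` and `ctr_xor` are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size in bytes


def prf_block(key: bytes, counter_block: bytes) -> bytes:
    # Stand-in for AES_K(counter_block): HMAC-SHA256 truncated to one block.
    # CTR only runs the cipher forwards, so a PRF is enough to show counter handling.
    return hmac.new(key, counter_block, hashlib.sha256).digest()[:BLOCK]


def max_bytes(counter_bits: int) -> int:
    # Keystream available under one (key, nonce) pair before the counter repeats.
    return (1 << counter_bits) * BLOCK


def keystream_block(key, nonce, index, counter_bits=64, wrap=False):
    # Assumed layout: 8-byte nonce || big-endian counter, zero-padded to 16 bytes.
    limit = 1 << counter_bits
    if index >= limit:
        if not wrap:
            raise OverflowError("counter exhausted: rekey or pick a fresh nonce")
        index %= limit  # what a too-narrow counter silently does
    ctr = index.to_bytes(counter_bits // 8, "big")
    return prf_block(key, nonce + ctr.rjust(BLOCK - len(nonce), b"\0"))


def ctr_xor(key, nonce, data, counter_bits=64, wrap=False):
    # Encrypt or decrypt: XOR each 16-byte chunk with its keystream block.
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, off // BLOCK, counter_bits, wrap)
        out += bytes(a ^ b for a, b in zip(data[off:off + BLOCK], ks))
    return bytes(out)


if __name__ == "__main__":
    key, nonce = bytes(range(32)), bytes(8)  # constructed sample values
    print("64-bit counter limit is 2^68 bytes:", max_bytes(64) == 2**68)
    print("8-bit counter limit:", max_bytes(8), "bytes")
    first = keystream_block(key, nonce, 0, 8)
    wrapped = keystream_block(key, nonce, 256, 8, wrap=True)
    print("block 256 repeats block 0 when an 8-bit counter wraps:", first == wrapped)
```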