by onlydnaq
3442 days ago

To be honest, nonce reuse with Bernstein's authenticated encryption algorithms will lead to the same problems as those the author points out with GCM (i.e. plaintext recovery). However, the biggest issue with GCM isn't that the plaintext leaks when reusing nonces, it's the fact that reusing nonces leads to an attacker being able to forge arbitrary ciphertexts.