by tptacek
3292 days ago
GCM has exactly the same problem with respect to nonces (GCM, like CTR, has a nonce, not an IV, but the terms are unfortunately used interchangeably). The secrecy/predictability/uniqueness rules for IVs and nonces depend on the specific cipher mode you're using, so be careful about writing generic recommendations. Also, be very careful with the word "ideally", because if you get an IV or nonce wrong, chances are your problems are much worse than "not ideal".
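As an added illustration of the point above (this is example code, not something tptacek posted), the program below uses Go's standard-library AES-GCM to show concretely what "much worse than not ideal" means: sealing two messages under the same key and nonce lets anyone holding both ciphertexts recover the XOR of the two plaintexts, because GCM is a CTR-mode construction and the keystream is reused. It then shows the property GCM actually needs, uniqueness rather than secrecy, enforced by a small counter-based nonce guard. The key, nonce and messages are constructed for the demonstration, and `NonceGuard` is a hypothetical helper, not a library API.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// sealGCM encrypts plaintext under key with a 96-bit nonce and returns
// ciphertext||tag. No additional authenticated data is used in this example.
func sealGCM(key, nonce, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, plaintext, nil), nil
}

// xorBytes returns a XOR b over the length of the shorter input.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// NonceReuseLeaksPlaintextXOR seals p1 and p2 under the same key and nonce and
// reports whether XOR of the two ciphertext bodies (tags stripped) equals XOR of
// the plaintexts. For GCM this always holds: the same keystream was used twice,
// so an observer learns p1 XOR p2 without ever seeing the key.
func NonceReuseLeaksPlaintextXOR(key, nonce, p1, p2 []byte) (bool, error) {
	c1, err := sealGCM(key, nonce, p1)
	if err != nil {
		return false, err
	}
	c2, err := sealGCM(key, nonce, p2)
	if err != nil {
		return false, err
	}
	body1, body2 := c1[:len(p1)], c2[:len(p2)] // drop the 16-byte tags
	return bytes.Equal(xorBytes(body1, body2), xorBytes(p1, p2)), nil
}

// NonceGuard (hypothetical helper) hands out 96-bit nonces from a monotonic
// counter and refuses to accept any nonce it has already seen. Uniqueness is
// the property GCM and CTR require; the nonce need not be secret or random.
type NonceGuard struct {
	counter uint64
	used    map[[12]byte]struct{} // in-memory only; real systems persist state
}

func NewNonceGuard() *NonceGuard {
	return &NonceGuard{used: map[[12]byte]struct{}{}}
}

// Next returns a fresh nonce: 4 zero bytes followed by a big-endian counter.
func (g *NonceGuard) Next() ([]byte, error) {
	if g.counter == ^uint64(0) {
		return nil, errors.New("nonce space exhausted; rotate the key")
	}
	var n [12]byte
	binary.BigEndian.PutUint64(n[4:], g.counter)
	g.counter++
	return g.Mark(n[:])
}

// Mark records a nonce and rejects it if it was used before under this key.
func (g *NonceGuard) Mark(nonce []byte) ([]byte, error) {
	if len(nonce) != 12 {
		return nil, errors.New("GCM nonce must be 12 bytes")
	}
	var k [12]byte
	copy(k[:], nonce)
	if _, seen := g.used[k]; seen {
		return nil, errors.New("nonce reuse refused")
	}
	g.used[k] = struct{}{}
	return nonce, nil
}

func main() {
	key := make([]byte, 16) // constructed demo key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	nonce := make([]byte, 12) // deliberately reused below
	leaked, err := NonceReuseLeaksPlaintextXOR(key, nonce, []byte("attack at dawn"), []byte("retreat at dusk"))
	fmt.Println("reused nonce leaks plaintext XOR:", leaked, err)

	g := NewNonceGuard()
	n1, _ := g.Next()
	_, err = g.Mark(n1)
	fmt.Println("guard on repeated nonce:", err)
}
```

The counter nonce is the right answer for GCM and CTR, where only uniqueness matters, and exactly the wrong answer for CBC, where the IV must be unpredictable to an attacker; that is the mode-dependence the comment warns about, and why a single generic rule about IVs cannot be written.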