by azinman2 3217 days ago
Pointers?

Nonce reuse
Isn’t that a gotcha for anytime you’d use a nonce?

Meanwhile PubNub is using a hard-coded IV on every message in ECB and CBC modes :)

https://github.com/pubnub/javascript/blob/master/src/core/co...

Well that's a gotcha on AES-CTR too.

GP is asking about mistakes that could happen on AES-GCM that won't happen with AES-CTR+HMAC.

I'm no crypto expert, but I'd say there are more opportunities to mess up with AES-CTR+HMAC, like forgetting to MAC the IV.

Nonce reuse for CTR gives you the plaintext of those messages. (Well, the XOR of them, from which you can probably figure out the rest.) Nonce reuse for GCM gives up the key.
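An added example (not from any commenter) that demonstrates the two points made above: a reused nonce in CTR mode leaks the XOR of the two plaintexts without the key ever entering the picture, and a CTR+HMAC construction has to include the nonce under the tag or a tampered nonce goes unnoticed. It assumes a constructed CTR mode whose keystream blocks are SHA-256(key || nonce || counter) rather than AES, which is enough to show the property since it depends only on the keystream being a function of (key, nonce).

```python
import hashlib
import hmac

# Constructed CTR mode over a hash (stand-in for AES-CTR): block i of the
# keystream is SHA-256(key || nonce || i). As in real CTR, the keystream is a
# function of (key, nonce) only, so the same nonce gives the same keystream.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR with the keystream.
    return xor(data, keystream(key, nonce, len(data)))

def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    # Two messages under one (key, nonce): c1 XOR c2 == p1 XOR p2, because the
    # identical keystream cancels out. The key is never needed for this.
    c1 = ctr_encrypt(key, nonce, p1)
    c2 = ctr_encrypt(key, nonce, p2)
    return xor(c1, c2)

# Encrypt-then-MAC: the HMAC tag covers the nonce as well as the ciphertext,
# which is the "forgetting to MAC the IV" mistake from the thread done right.
def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    ct = ctr_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def unseal(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    # Returns the plaintext, or None if nonce or ciphertext were altered.
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return ctr_encrypt(enc_key, nonce, ct)
```

With distinct nonces the XOR of the two ciphertexts is unrelated to the XOR of the plaintexts, which is exactly what a correct nonce discipline buys you.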