by loup-vaillant
3216 days ago
Wait a minute, there are cases where this is required? ChaCha20/Poly1305 is not one of them, right?

---

Another I have personally seen was using the session key for a Wegman-Carter hash (such as Poly1305). I received an email suggesting I do just that in Monocypher, to avoid using up the beginning of the key stream. Didn't realise why this would lead to instant key recovery. I have since littered my manual with scary tales of total annihilation of security.