|
|
|
|
|
|
by jfyi
744 days ago
|
|
|
> I don't think I understand when it can be abused The same key + nonce generates the same keystream. The ciphertext is generated by xoring the plaintext with the keystream. The keystream can be recovered by xoring the ciphertext with the plain text. To abuse it... The defender needs to re-use both the same key and nonce. The attacker needs to have a ciphertext/plaintext pair, know or find the position of that text in the keystream, and needs access to other ciphertexts generated with the same key/nonce. |
|
|