by agl
4605 days ago
I believe it was done so that AES-GCM could be implemented in a FIPS module and would not need to depend on the uniqueness of provided nonces. Either that or some standard said that nonces must be unique. (I wasn't around for the discussion.) I agree that a counter is perfectly safe.