cfrg / draft-irtf-cfrg-aead-limits

Usage Limits on AEAD Algorithms
https://cfrg.github.io/draft-irtf-cfrg-aead-limits/draft-wood-cfrg-aead-limits.html

Nonce length is fixed #42

Closed martinthomson closed 3 years ago

martinthomson commented 3 years ago

As Joe notes, we assume a fixed length. The definitions in the IETF all use N_MIN = N_MAX = 12, but the NIST publications often veer into all sorts of wild fantasies of arbitrary nonce length. This rarely works well, as we see from the analysis in 2018/993.

Closes #41.