W3C home > Mailing lists > Public > xml-encryption@w3.org > November 2001

Re: Nonce and key wrap

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Sun, 25 Nov 2001 23:56:20 -0500
Message-Id: <200111260456.XAA0000006345@torque.pothole.com>
To: Jiandong Guo <jguo@phaos.com>
cc: xml-encryption@w3.org

A nonce is only useful if there is insufficient entropy in the data
being encrypted and there is no other way to conduct a dictionary
attack by trying the few possible values. The nonce means that you
can't just encrypt each possible value and see if you get the cipher
text. If your key has insufficient entropy, a nonce won't help.
Someone can try decrypting with the few possible key values and
test for plain text.

The description could be changed to allow a nonce. But I don't
actually see any need.

Thanks,
Donald

From:  Jiandong Guo <jguo@phaos.com>
Date:  Tue, 6 Nov 2001 15:31:48 -0500 (EST)
Message-ID:  <3BE84A4B.59566C60@phaos.com>
Organization:  Phaos Technology Corp.
To:  xml-encryption@w3.org

>It seems to me that with the key wrap algorithm specified in section
>5.6.2, there is no way
>a nonce can be used, although you may still set up one in the
>corresponding CipherData
>element by the document.
>
>Jiandong
Received on Monday, 26 November 2001 00:00:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:19 GMT