Re: Nonce and key wrap

A nonce is only useful if there is insufficient entropy in the data
being encrypted and there is no other way to conduct a dictionary
attack by trying the few possible values. The nonce means that you
can't just encrypt each possible value and see if you get the cipher
text. If your key has insufficient entropy, a nonce won't help.
Someone can try decrypting with the few possible key values and
test for plain text.

The description could be changed to allow a nonce. But I don't
actually see any need.


From:  Jiandong Guo <>
Date:  Tue, 6 Nov 2001 15:31:48 -0500 (EST)
Message-ID:  <>
Organization:  Phaos Technology Corp.

>It seems to me that with the key wrap algorithm specified in section
>5.6.2, there is no way
>a nonce can be used, although you may still set up one in the
>corresponding CipherData
>element by the document.

Received on Monday, 26 November 2001 00:00:17 UTC