On Sun, 8 Sep 2013 15:22:32 -0400 "Perry E. Metzger" <pe...@piermont.com> wrote:
> Ah, now *this* is potentially interesting. Imagine if you have a
> crypto accelerator that generates its IVs by encrypting information
> about keys in use using a key an observer might have or could guess
> from a small search space.

Oh, and of course, if you're doing a DSA-style algorithm, you can leak information in your choice of random nonce. This is yet more reason to force protocols to use nonces that are deterministic based on context, and to enforce that.

Perry
-- 
Perry E. Metzger		pe...@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
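Added example, not from Perry's post or the list: a toy DSA signer whose nonce is a deterministic function of key and message (a simplified RFC 6979-style HMAC derivation, not bit-exact with the RFC), alongside the audit check a key owner can run to enforce that policy, since any other nonce choice changes (r, s). The group parameters, key and message are constructed and far too small for real use.

```python
import hashlib
import hmac

# Constructed toy DSA group (illustration only, far too small to be secure):
# p = 2q + 1 with q prime, and g = 4 has prime order q in Z_p^*.
P, Q, G = 1019, 509, 4


def h_mod_q(msg: bytes) -> int:
    """Hash the message into Z_q (toy stand-in for DSA's hash truncation)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def derive_nonce(priv: int, msg: bytes, counter: int = 0) -> int:
    """Nonce in [1, q-1] that is a pure function of (key, message, counter).
    Simplified RFC 6979-style HMAC derivation; not bit-exact with the RFC."""
    data = hashlib.sha256(msg).digest() + counter.to_bytes(4, "big")
    mac = hmac.new(priv.to_bytes(2, "big"), data, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (Q - 1) + 1


def sign_with_nonce(priv: int, msg: bytes, k: int):
    """Raw DSA signing with a caller-chosen nonce. The free choice of k is the
    covert channel the post warns about, so policy never exposes this call."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h_mod_q(msg) + priv * r)) % Q
    return r, s


def sign(priv: int, msg: bytes):
    """Policy-compliant signing: same key + message always gives the same k."""
    counter = 0
    while True:
        r, s = sign_with_nonce(priv, msg, derive_nonce(priv, msg, counter))
        if r != 0 and s != 0:
            return r, s
        counter += 1  # rare degenerate case: rederive with the next counter


def verify(pub: int, msg: bytes, sig) -> bool:
    """Standard DSA verification; it cannot tell how k was chosen."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = (h_mod_q(msg) * w) % Q, (r * w) % Q
    return (pow(G, u1, P) * pow(pub, u2, P)) % P % Q == r


def audit_nonce_policy(priv: int, msg: bytes, sig) -> bool:
    """Enforcement check for whoever holds the key (e.g. the owner of a signing
    device): recompute the mandated signature; any other nonce changes (r, s)."""
    return sign(priv, msg) == tuple(sig)
```

Only a party holding the private key can run the audit; a plain verifier sees a valid signature either way, which is why the policy has to be enforced at the signer.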