Re: [PATCH v6] security/keys: rewrite all of big_key crypto

From: Jason A. Donenfeld
Date: Wed Sep 20 2017 - 10:01:32 EST


On Wed, Sep 20, 2017 at 3:45 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/Joux_comments.pdf

Section 3 shows an attack with repeated nonces, which we don't do here.

Section 4 shows an attack using a non-96-bit nonce, which we also don't do here.