Author: Elichai Turkel 2019-06-17 02:06:21
Published on: 2019-06-17T02:06:21+00:00
In this email thread, the topic of nonce being 64-bit is discussed. The RFC7539 changed it to 96-bit and later referred to it as xchacha. The suggestion is made to use the "message sequence number" as the nonce for Chacha20. The query is raised whether this number is randomly generated or a counter and if it could be reset without rekeying. If the number is randomly generated, then 64-bit is not secure enough and it is suggested to either move to the chacha20 from RFC7539 which has a 96-bit nonce and 32-bit counter or increment it manually every time. On the other hand, if it's simply a counter, then 64-bit nonce should be fine. This discussion highlights the importance of understanding nonce and its security implications.
Updated on: 2023-05-20T20:38:17.656399+00:00