summaryrefslogtreecommitdiff
path: root/templates/index.html
diff options
context:
space:
mode:
authorcyfraeviolae <cyfraeviolae>2022-08-24 16:21:17 -0400
committercyfraeviolae <cyfraeviolae>2022-08-24 16:21:17 -0400
commit7872bbcaf421bbb2fd3ab5fb1283e9cb8282a02f (patch)
tree0505be1597733b12825096c5437c2aa9a55d070a /templates/index.html
parentf649ba59fe194ef169881579138023ec1493a254 (diff)
work
Diffstat (limited to 'templates/index.html')
-rw-r--r--templates/index.html13
1 files changed, 9 insertions, 4 deletions
diff --git a/templates/index.html b/templates/index.html
index fdcddd8..baf6a6d 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -18,11 +18,13 @@
<div class="crumbs">
<a href="/git/forbidden-salamanders">source code</a>
<span class="sep"> · </span>
- <a href="/forbidden-salamanders/nonce-reuse">aes-gcm nonce reuse</a>
+ <a href="/forbidden-salamanders/nonce-reuse">nonce reuse</a>
+ <!--
<span class="sep"> · </span>
- <a href="/forbidden-salamanders/nonce-truncation">aes-gcm nonce truncation</a>
+ <a href="/forbidden-salamanders/nonce-truncation">nonce truncation</a>
<span class="sep"> · </span>
- <a href="/forbidden-salamanders/key-commitment">aes-gcm key commitment</a>
+ <a href="/forbidden-salamanders/key-commitment">key commitment</a>
+ -->
</div>
</div>
<p>
@@ -37,9 +39,10 @@
<p>
<strong><a href="/forbidden-salamanders/nonce-reuse">Nonce
reuse</a>.</strong> Due to rising entropy prices, Roseacrucis has
- started to reuse nonces. You must perform the Forbidden Attack in order to
+ started to reuse AES-GCM nonces. You must perform the Forbidden Attack in order to
recover the authentication key and forge arbitrary ciphertext.
</p>
+ <!--
<p>
<strong><a href="#">Nonce truncation</a>.</strong> The sorcerer
aims to conserve bandwidth by truncating nonces from twelve bytes
@@ -54,6 +57,7 @@
Library that decrypt to confidential information under one key, but
innocuous banter under another.
</p>
+ -->
<br>
<details>
<summary>
@@ -64,6 +68,7 @@
AES-GCM is a block cipher that accepts a key of 16 bytes,
a nonce of 12 bytes, plaintext, and additional authenticated data.
It returns ciphertext and a message authentication code (MAC).
+ The construction is <a href="https://csrc.nist.gov/publications/detail/sp/800-38d/final">specified by NIST</a>.
</p>
<p>
The ciphertext is computed as in <a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)">counter mode</a>, whereas the MAC is computed using the algorithm GMAC.