Diffstat (limited to 'templates/nonce-reuse.html')
-rw-r--r-- templates/nonce-reuse.html | 23
1 files changed, 15 insertions, 8 deletions
diff --git a/templates/nonce-reuse.html b/templates/nonce-reuse.html
index 2637d50..e60cc95 100644
--- a/templates/nonce-reuse.html
+++ b/templates/nonce-reuse.html
@@ -18,16 +18,18 @@
<div class="crumbs">
<a href="/git/forbidden-salamanders">source code</a>
<span class="sep"> · </span>
- <a href="/forbidden-salamanders/nonce-reuse"><strong>aes-gcm nonce reuse</strong></a>
+ <a href="/forbidden-salamanders/nonce-reuse"><strong>nonce reuse</strong></a>
+ <!--
<span class="sep"> · </span>
- <a href="/forbidden-salamanders/nonce-truncation">aes-gcm nonce truncation</a>
+ <a href="/forbidden-salamanders/nonce-truncation">nonce truncation</a>
<span class="sep"> · </span>
- <a href="/forbidden-salamanders/key-commitment">aes-gcm key commitment</a>
+ <a href="/forbidden-salamanders/key-commitment">key commitment</a>
+ -->
</div>
</div>
<p>
<strong>Nonce reuse.</strong> Due to rising entropy
- prices, Roseacrucis has started to reuse nonces. You must perform the
+ prices, Roseacrucis has started to reuse AES-GCM nonces. You must perform the
Forbidden Attack in order to recover the authentication key and
forge arbitrary ciphertext.
</p>
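Review bot: the nonce-truncation and key-commitment crumbs are hidden behind an HTML comment (`<!--` ... `-->`) instead of being removed or gated, so the dead markup still ships to every client and is easy to forget once those pages are ready. Prefer dropping the two `<a>` lines and their `<span class="sep">` separators (git keeps the history) or, if they are meant to return, wrapping them in the template engine's conditional so the rendered HTML stays clean.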
@@ -160,10 +162,15 @@
polynomial</a>.
</p>
<p>
- We plug \(h\) back into the first equation to recover \(s\),
- and finally, we can forge the MAC for arbitary ciphertext under the
- same nonce. Note that there may be multiple possible monomial roots;
- in this case, one can check each possibility online.
+ We plug \(h\) back into the first equation to recover \(s\), and we
+ can forge the MAC for arbitary ciphertext under the same nonce.
+ Note that there may be multiple possible monomial roots; in this
+ case, one can check each possibility against the enemy.
+ </p>
+ <p>
+ Readers who wish to implement this attack themselves can try
+ <a href="https://cryptopals.com/">Cryptopals</a>; specifically
+ Set 8 Problem 62.
</p>
</details>
<details>
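Review bot: the added line `can forge the MAC for arbitary ciphertext under the same nonce.` carries over the typo "arbitary" from the removed text; this rewrite is the natural place to correct it to "arbitrary". Also worth double-checking the Cryptopals challenge number cited in the new paragraph against the linked site before this ships, since the link text does not name the problem and readers have no way to confirm it.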