Re: Actor model implementation, seeking feedback

[Vasilij Schneidermann]

Hello John,

> *Any* numeric sequence will repeat eventually unless it grows without
> bound, like a TAI timestamp.

I take "repeats after exceeding 2^n consecutive numbers" over "repeats
with a 1/2^n chance" (which can be generalized to 2^(n/2) thanks to the
birthday problem).

> But actually it's not enough that a nonce be unique, otherwise 1, 2,
> 3, ... would be a perfectly good sequence of nonces.

That is what a counter with a sequence of NUL bytes would produce. It's
perfectly fine. As long as the sequence is not reused.

> So you do want a long-period cryptographically strong random sequence
> like ChaCha20 or Fortuna, or it will be possible to predict the next
> nonce from the previous nonces.

Why would predicting the next nonce matter? You cannot do anything
useful with that knowledge. The nonce exists to perturb stream cipher
operations so that the combination of same message, same key and nonce
does not lead to the same ciphertext.

Vasilij

signature.asc
Description: PGP signature