Log in

Fri, May. 20th, 2011, 11:32 am

The CTR nonce MUST be random. It cannot be the same value, or zero as you have suggested. Doing so leads to chosen-plaintext attacks.

Authentication should be done after encryption because this is the way that can be proved to work for any encryption and authentication schemes.

No HTML allowed in subject


Notice! This user has turned on the option that logs IP addresses of anonymous posters. 

(will be screened)