Hacker News

cookiengineer today at 7:01 PM, 2 replies

> XChaCha20-Poly1305 replaced with AES-256-GCM

What could possibly go wrong? It's not like every CTF ever designed has a block cipher or counter mode challenge. /s

If the project wasn't done by WolfSSL, I would have assumed it's a trolling attempt to mock FIPS requirements. But it's not, and that's the problem.


Replies

arter45 today at 8:06 PM

Are you talking about side channel attacks? Because AFAIK nonce reuse is an issue in both cases.

tptacek today at 7:50 PM

I don't understand the concern here?