HKDF has poorly-understood subtleties. Let’s explore them in detail.| Dhole Moments
When it comes to AES-GCM, I am not a fan. Most of my gripes fall into one of two categories: Gripes with AES itself Gripes with AES-GCM as a construction However, one of my gripes technically belon…| Dhole Moments
How and why XSalsa20/XChaCha were designed, and why they’re secure.| Dhole Moments
Four years ago, I wrote a (surprisingly popular) blog post about the notion of wear-out for symmetric encryption schemes. Two years ago, I wrote a thing about extending the nonce used by AES-GCM wi…| Dhole Moments