On 03/28/2013 06:24 PM, Niels Möller wrote:
> Maybe one could also have a default autoincrementing nonce?
If you do that please don't make it the default. There are several cases in DTLS where the nonce isn't simply incrementing (e.g. when receiving packets out-of-order).
>> Does this property exist in any other nettle algorithms?
> It's (trivially) true for the block ciphers, and the gcm code separates key state (struct gcm_key) from message state (struct gcm_ctx). The hmac code does not, and I'd like to change that *if* I can find some reasonable way to do it.
It is pretty trivial to overcome though, i.e., just use different contexts on each thread (you don't even need to re-initialize - just copy the context), so I wouldn't spend resources on it unless there is some obvious advantage which I don't see.
regards, Nikos
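Added illustration (not nettle code, not part of the thread) of the two points above: a gcm-style API that keeps a write-once key struct apart from a per-message context, and a DTLS-style receiver that takes each record's nonce from the explicit sequence number carried in the record rather than from a local auto-incrementing counter. All names (toy_key, toy_ctx, toy_seal, ...) are hypothetical; the "tag" is an FNV-1a checksum standing in for the real cipher/MAC and is not secure; the 4-byte salt plus 8-byte explicit nonce layout is assumed to follow the AES-GCM record nonce used by TLS/DTLS (RFC 5288). The sample records are constructed here.

```c
/*
 * Added example, not nettle's code. Toy AEAD-shaped API in the gcm style:
 * struct toy_key is written once and then only read (safe to share across
 * threads); struct toy_ctx is created per message. The DTLS-style receiver
 * rebuilds the nonce from the record's own sequence number. The "tag" is an
 * FNV-1a checksum: NOT a MAC, it only mimics the shape of the real calls.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TOY_KEY_LEN   16
#define TOY_SALT_LEN   4   /* implicit nonce part, fixed per key (assumed layout) */
#define TOY_EXPL_LEN   8   /* explicit part, carried in clear by every record */
#define TOY_NONCE_LEN (TOY_SALT_LEN + TOY_EXPL_LEN)

struct toy_key {                     /* key state: set once, then read-only */
    uint8_t key[TOY_KEY_LEN]; uint8_t salt[TOY_SALT_LEN];
};
struct toy_ctx { uint64_t acc; };    /* message state: one per message, cheap to copy */

static void fnv_absorb(uint64_t *acc, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) {
        *acc ^= p[i];
        *acc *= 0x100000001b3ULL;
    }
}

void toy_set_key(struct toy_key *k, const uint8_t *key, const uint8_t *salt) {
    memcpy(k->key, key, TOY_KEY_LEN);
    memcpy(k->salt, salt, TOY_SALT_LEN);
}

/* Start a message: fresh per-message state bound to the key and the full nonce. */
void toy_set_nonce(struct toy_ctx *ctx, const struct toy_key *k, const uint8_t *nonce) {
    ctx->acc = 0xcbf29ce484222325ULL;
    fnv_absorb(&ctx->acc, k->key, TOY_KEY_LEN);
    fnv_absorb(&ctx->acc, nonce, TOY_NONCE_LEN);
}

void toy_update(struct toy_ctx *ctx, size_t n, const uint8_t *data) { fnv_absorb(&ctx->acc, data, n); }
uint64_t toy_digest(const struct toy_ctx *ctx) { return ctx->acc; }

/* nonce = salt || 8-byte big-endian sequence number */
static void toy_nonce_from_seq(uint8_t *nonce, const struct toy_key *k, uint64_t seq) {
    memcpy(nonce, k->salt, TOY_SALT_LEN);
    for (int i = 0; i < TOY_EXPL_LEN; i++)
        nonce[TOY_SALT_LEN + i] = (uint8_t)(seq >> (8 * (TOY_EXPL_LEN - 1 - i)));
}

/* Sender side: a fresh ctx per record, the key struct shared and never written. */
uint64_t toy_seal(const struct toy_key *k, uint64_t seq, const uint8_t *payload, size_t n) {
    uint8_t nonce[TOY_NONCE_LEN];
    struct toy_ctx ctx;
    toy_nonce_from_seq(nonce, k, seq);
    toy_set_nonce(&ctx, k, nonce);
    toy_update(&ctx, n, payload);
    return toy_digest(&ctx);
}

/* Receiver that uses the sequence number in the record: delivery order is irrelevant. */
int toy_open_explicit(const struct toy_key *k, uint64_t seq_in_record,
                      const uint8_t *payload, size_t n, uint64_t tag) {
    return toy_seal(k, seq_in_record, payload, n) == tag;
}

/* Receiver with an auto-incrementing nonce: wrong as soon as records reorder. */
int toy_open_counter(const struct toy_key *k, uint64_t *next_seq,
                     const uint8_t *payload, size_t n, uint64_t tag) {
    int ok = toy_seal(k, *next_seq, payload, n) == tag;
    (*next_seq)++;
    return ok;
}

/* Constructed sample: records sent as seq 1, 2 but delivered as 2, 1.
 * Writes how many records each receiver accepted; returns 1 when the
 * explicit-nonce receiver took both and the counter receiver took neither. */
int toy_demo_out_of_order(int *accepted_explicit, int *accepted_counter) {
    static const uint8_t key[TOY_KEY_LEN] = "0123456789abcde";
    static const uint8_t salt[TOY_SALT_LEN] = { 0xde, 0xad, 0xbe, 0xef };
    static const uint8_t rec1[] = "client hello";
    static const uint8_t rec2[] = "finished";
    struct toy_key k;
    uint64_t tag1, tag2, counter = 1;

    toy_set_key(&k, key, salt);
    tag1 = toy_seal(&k, 1, rec1, sizeof rec1 - 1);
    tag2 = toy_seal(&k, 2, rec2, sizeof rec2 - 1);
    /* record 2 arrives before record 1 */
    *accepted_explicit = toy_open_explicit(&k, 2, rec2, sizeof rec2 - 1, tag2)
                       + toy_open_explicit(&k, 1, rec1, sizeof rec1 - 1, tag1);
    *accepted_counter  = toy_open_counter(&k, &counter, rec2, sizeof rec2 - 1, tag2)
                       + toy_open_counter(&k, &counter, rec1, sizeof rec1 - 1, tag1);
    return *accepted_explicit == 2 && *accepted_counter == 0;
}
```

The thread-safety property in the example comes from toy_seal never writing to the shared toy_key; every thread or record builds its own toy_ctx on the stack. For an API where key and message state live in one struct (the hmac case described above), the equivalent is to key one struct once and hand each message or thread a plain struct copy of it, which is the workaround Nikos describes.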