Hacker News new | past | comments | ask | show | jobs | submit login

In NIP-04 I noticed that DMs can be encrypted using AES-CBC. IIUC, this is not a very robust mode for using AES. Seems surprising for a greenfield project.



What's wrong with CBC? I think the bigger problem is the symmetric keys are not using a key derivation function and are therefore not uniformly random: https://github.com/nostr-protocol/nips/issues/72


> What's wrong with CBC?

It’s not tamper proof, ie signed, unlike GCM

> Some modern modes of operation combine confidentiality and authenticity in an efficient way, and are known as authenticated encryption modes

https://en.m.wikipedia.org/wiki/Block_cipher_mode_of_operati...

I’d also add: CBC requires padding and GCM does not. Minor convenience.


Nostr messages are all signed though. Why would you want two signatures on a message. And if two signatures are better than one, why not 3 signatures?


Discussion was about cipher block modes.

And GCM does not ‘add’ a signature per se.


Discussion was about cipher block modes in the context of Nostr and NIP-04. You might notice all 3 levels above your comment reference either the Nostr protocol in general, or NIP-04 messages.

> And GCM does not ‘add’ a signature per se.

Your own comment to which I replied said "It’s not tamper proof, ie signed, unlike GCM". Wouldn't most people consider something "signed" as having a signature?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: