
I don't really follow, what's the issue with that? The two nodes will encrypt using the same key, so they can snoop at each other's traffic that they send out? Doesn't sound that big of a deal per se.


A nonce is not a key, it's a piece of random that is meant to be used at most once.

If an attacker sees valid nonces on a VM, and knows of another VM sharing the same nonces, then your crypto on both* VMs becomes vulnerable to replay attacks.

*read: all


How would a replay attack work in production assuming multiple VMs share a nonce?


You record the traffic going to one VM and send it to another, which will now accept it because the nonce is the same.


“Number ONCE”. NONCE. Indeed.


Reusing a nonce often allows the entire world to decrypt or MITM the data.
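
The replay described in the thread, as an added example that is not part of any comment above. It assumes a simple HMAC challenge-response protocol and two VMs cloned from one snapshot so that their nonce generators start from the same state; the names `VM`, `sign`, `replay_accepted`, the key and the command are all constructed for illustration. It also shows two mitigations: fresh entropy after cloning, and binding the receiver's identity into the MAC.

```python
import hashlib
import hmac
import os

KEY = b"constructed-shared-secret"  # sample key, present on both clones

def nonce_stream(state):
    """Deterministic generator: identical starting state, identical nonces."""
    while True:
        state = hashlib.sha256(state).digest()
        yield state[:16]

def sign(nonce, command, receiver=b""):
    # Length-prefix the receiver so the MAC input is unambiguous.
    msg = bytes([len(receiver)]) + receiver + nonce + command
    return hmac.new(KEY, msg, hashlib.sha256).digest()

class VM:
    def __init__(self, name, rng_state, bind_identity):
        self.name = name.encode()
        self.nonces = nonce_stream(rng_state)
        self.bind_identity = bind_identity
        self.outstanding = set()  # challenges issued but not yet used

    def challenge(self):
        nonce = next(self.nonces)
        self.outstanding.add(nonce)
        return nonce

    def accept(self, nonce, command, tag):
        if nonce not in self.outstanding:
            return False  # unknown or already-used nonce
        receiver = self.name if self.bind_identity else b""
        if not hmac.compare_digest(tag, sign(nonce, command, receiver)):
            return False
        self.outstanding.discard(nonce)  # single use on this VM only
        return True

def replay_accepted(bind_identity, fresh_entropy):
    """Return True if a message recorded on the way to vm-a is accepted by vm-b."""
    snapshot = b"constructed-snapshot-rng-state"
    a = VM("vm-a", snapshot, bind_identity)
    b = VM("vm-b", os.urandom(32) if fresh_entropy else snapshot, bind_identity)
    nonce = a.challenge()
    b.challenge()  # the clone issues its own challenge, same value if state is shared
    command = b"constructed-command"
    tag = sign(nonce, command, b"vm-a" if bind_identity else b"")  # client answers vm-a
    assert a.accept(nonce, command, tag)
    return b.accept(nonce, command, tag)
```

With shared state and no identity binding, `replay_accepted(False, False)` returns `True`; either mitigation on its own makes it return `False`.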



