--
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/friam/CANpA1Z3T7kf2tEJxZMdn%2B9BW6JqJ8OohjiVYHgJYnbBCg-LuYg%40mail.gmail.com.
For replay attacks, an incrementing number is fine.
(also, can it "just" be a digital signature so you don't actually have to remember anything long term in the server side user/request database other than the pki info?)
so it needs an expiry in the nonce payload & you retain the "used" flag in the db up until that expiry date, then forget everything because the nonce cannot be used thereafter?
Not necessarily. You can sometimes have the best of both worlds by using a KDF.
https://libsodium.gitbook.io/doc/key_derivation
This is particularly convenient when using hash-based signatures because you basically need to treat entropy as a resource anyway for OTS keys, so why not use it for the nonces also?
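A worked version of the KDF-derived nonce idea, added here as an example rather than code from any thread participant: it follows the construction documented for libsodium's crypto_kdf_derive_from_key and assumes a per-client root key shared with the server at registration; the context strings, nonce length and ReplayGuard class are constructed for the example.

```python
import hashlib
import hmac
import struct

KDF_KEYBYTES, KDF_CONTEXTBYTES = 32, 8   # crypto_kdf_KEYBYTES / crypto_kdf_CONTEXTBYTES
NONCE_CTX = b"nonce_v1"                  # constructed 8-byte context for request nonces
OTS_CTX = b"ots_seed"                    # constructed 8-byte context for one-time-signature seeds

def kdf_derive_from_key(subkey_len: int, subkey_id: int, ctx: bytes, key: bytes) -> bytes:
    """libsodium's crypto_kdf_derive_from_key construction:
    BLAKE2b-subkey_len(key=key, msg="", salt=LE64(subkey_id)||0, personal=ctx||0).
    hashlib zero-pads salt and person to 16 bytes, as the C code does."""
    if not 16 <= subkey_len <= 64:
        raise ValueError("subkey_len must be 16..64 bytes")
    if len(ctx) != KDF_CONTEXTBYTES or len(key) != KDF_KEYBYTES:
        raise ValueError("context must be 8 bytes and key 32 bytes")
    return hashlib.blake2b(b"", digest_size=subkey_len, key=key,
                           salt=struct.pack("<Q", subkey_id), person=ctx).digest()

def nonce_for(root_key: bytes, counter: int) -> bytes:
    """Nonce for request number `counter`; client and server compute the same value."""
    return kdf_derive_from_key(24, counter, NONCE_CTX, root_key)

def ots_seed_for(root_key: bytes, counter: int) -> bytes:
    """Same root entropy, different context: an independent seed for the counter-th OTS key."""
    return kdf_derive_from_key(32, counter, OTS_CTX, root_key)

class ReplayGuard:
    """Server side: per client only (root_key, highest accepted counter) is kept,
    so there is no table of issued or used nonces to store and expire."""

    def __init__(self):
        self._clients = {}   # client_id -> [root_key, last_counter]

    def register(self, client_id: str, root_key: bytes) -> None:
        self._clients[client_id] = [root_key, 0]

    def accept(self, client_id: str, counter: int, nonce: bytes) -> bool:
        entry = self._clients.get(client_id)
        if entry is None:
            return False
        root_key, last = entry
        if counter <= last:                           # replayed or stale counter
            return False
        expected = nonce_for(root_key, counter)
        if not hmac.compare_digest(expected, nonce):  # not derived from this client's key
            return False
        entry[1] = counter                            # advance only after a valid nonce
        return True
```

The server never stores a nonce: it recomputes the expected one from the counter and rejects anything at or below the last accepted counter, which is what makes the "used" flag and its expiry unnecessary.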