(so sorry about the duplicated mail, I forgot to hit reply to all)
Hey Vasilij, thanks for the feedback!

0. Haha I know, I legit found out about and got very interested in the actor model wayyyy after I got into Scheme, and was pretty surprised when I read they're related.

1. Why both? Well, mostly laziness. JSON seemed at the time an easy way to package the nonce outside the cyphertext without changing the design I already had. Very kludgy, and very likely to change in the future.

2. You're right! I actually hadn't thought about that! Guess I had a hard time not conflating "unique and non-repeatable" with random numbers... would a timestamp be a better (but probably still not ideal) approach?

Thanks again for taking the time to look into this thing!

Cheers!

On Sat, 26 Jun 2021 20:38:03 +0200 Vasilij Schneidermann <m...@vasilij.de> wrote:

> Hello Ariela,
>
> > ...
>
> 0. Funny how history repeats itself with the actor model and Scheme:
> <https://en.wikipedia.org/wiki/History_of_the_Scheme_programming_language#Carl_Hewitt,_the_Actor_model,_and_the_birth_of_Scheme>
>
> 1. Why Protobuf? Why in combination with JSON? Why not just JSON? Or
> just Protobuf, but consider it's been designed for the cases where JSON
> is too expensive to use, so not for this project I guess...
>
> 2. Cool that you use tweetnacl for encryption, but please don't use
> random numbers for nonces, that's just wrong. Nonces are not supposed to
> be secret, random or unpredictable, but unique numbers that do not
> repeat. Random numbers do repeat eventually. If a nonce repeats, this
> allows certain cryptographical attacks to be performed on the
> corresponding ciphertexts.
>
> Vasilij
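
Added example, not part of the original thread or of the project's code: one way to get nonces that are unique by construction, as the quoted reply asks for, is a per-sender message counter. The sketch assumes a 16-byte sender id, a counter the sender persists across restarts, and in-order delivery per sender; `NonceCounter` and `NonceChecker` are hypothetical names, and 24 bytes is the secretbox nonce length in NaCl/TweetNaCl.

```python
import struct

NONCE_BYTES = 24          # secretbox nonce length in NaCl/TweetNaCl
ID_BYTES = 16             # assumption: fixed-size sender id chosen for this sketch
MAX_COUNT = 2**64 - 1     # largest value that fits the 8-byte counter field


class NonceCounter:
    """Sender side: nonce = sender id || 64-bit big-endian message counter."""

    def __init__(self, sender_id: bytes, start: int = 0):
        if len(sender_id) != ID_BYTES:
            raise ValueError("sender id must be 16 bytes")
        self.sender_id = sender_id
        # Assumption: 'start' is loaded from durable storage, so a restart
        # never hands out a counter value that was already used with this key.
        self.count = start

    def next_nonce(self) -> bytes:
        if self.count > MAX_COUNT:
            raise OverflowError("counter exhausted: rotate the key")
        nonce = self.sender_id + struct.pack(">Q", self.count)
        self.count += 1
        return nonce


class NonceChecker:
    """Receiver side: accept a nonce only if its counter moved forward."""

    def __init__(self):
        self.last_seen = {}   # sender id -> highest counter accepted so far

    def accept(self, nonce: bytes) -> bool:
        if len(nonce) != NONCE_BYTES:
            return False
        sender = nonce[:ID_BYTES]
        (count,) = struct.unpack(">Q", nonce[ID_BYTES:])
        if count <= self.last_seen.get(sender, -1):
            return False      # repeated or stale nonce: drop the message
        self.last_seen[sender] = count
        return True


if __name__ == "__main__":
    alice = NonceCounter(b"A" * ID_BYTES)      # constructed sender id
    checker = NonceChecker()
    first = alice.next_nonce()
    print(checker.accept(first), checker.accept(first))
```

Run the receiver check only after the message has authenticated under that nonce, so a forged nonce cannot advance the receiver's state.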