1. 8

  2. 1

    Hmm. Agree with Thomas here, and I think his statement applies even to what Colin said. You learn how important it is to not repeat the CTR nonce by finding somebody who did it wrong and breaking it. (FWIW, this is a mistake Colin made, so I’m sure he really knows how important it is now.)

    Without any evidence whatsoever to support this assertion, I don’t think the amount of data ever recovered via differential cryptanalysis comes close to the amount of data recovered because somebody thought their birthday made a good password.