AES GCM IV usage limit and selection
Closed this issue ยท 2 comments
The whitepaper mentions AES GCM is used but doesn't describe how the IV is selected and whether thought has been given to the 64 GiB limit that a single IV + key combination can encrypt before becoming dangerous. I figure this has been thought about, so it would be nice to see it mentioned in the whitepaper ๐
The whitepaper mentions AES GCM is used but doesn't describe how the IV is selected and whether thought has been given to the 64 GiB limit that a single IV + key combination can encrypt before becoming dangerous. I figure this has been thought about, so it would be nice to see it mentioned in the whitepaper ๐
Thanks for the question. The IV used for AES-GCM is a simple 96-bit counter that increments per packet. Packets are much smaller than 64 GiB, and the implementation throws an error in the unlikely case that the counter overflows, to avoid reuse.