Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
DVE-2015-0099 AES CTR man-in-the-middle through keystream reusage #32
The two sides of a RLPx connection generate two CTR streams from the same key, nonce and IV.
If an attacker knows one plaintext, he can decrypt unknown plaintexts of the reused keystream.
Separate keys needs to be used for each stream. See for example the TLS 1.2 RFC 5246 section 6.3.