3. Guidance on the Use of AEAD Algorithms
3. Guidance on the Use of AEAD Algorithms
This section provides advice that must be followed in order to use an AEAD algorithm securely.
If an application is unable to meet the uniqueness requirement on nonce generation, then it MUST use a zero-length nonce. Randomized or stateful algorithms, which are defined below, are suitable for use with such applications. Otherwise, an application SHOULD use nonces with a length of twelve octets. Since algorithms are encouraged to support that length, applications should use that length to aid interoperability.