>From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
>Sent: Feb 2, 2005 1:39 PM
>To: bear <[EMAIL PROTECTED]>
>Cc: Aram Perez <[EMAIL PROTECTED]>, Cryptography <cryptography@metzdowd.com>
>Subject: Re: Is 3DES Broken?

...
>>I think you meant ECB mode?

>No, I meant CBC -- there's a birthday paradox attack to watch out for.

Yep. In fact, there's a birthday paradox problem for all the standard chaining modes at around 2^{n/2}.

For CBC and CFB, this ends up leaking information about the XOR of a couple plaintext blocks at a time; for OFB and counter mode, it ends up making the keystream distinguishable from random.

Also, most of the security proofs for block cipher constructions (like the secure CBC-MAC schemes) limit the number of blocks to some constant factor times 2^{n/2}.

> --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

--John Kelsey
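
An added illustration of the CBC case discussed in this message (not part of the original post): when two ciphertext blocks collide, C_i = C_j, the cipher inputs were equal, so P_i XOR P_j = C_{i-1} XOR C_{j-1}, which can be computed from the ciphertext alone. The 16-bit Feistel cipher, key, seed and block counts are constructed assumptions chosen so that the 2^{n/2} bound (here 2^8 blocks) is reached quickly; with n = 64, as for 3DES, the same effect appears around 2^32 blocks.

```python
import hashlib
import random

BLOCK_BITS = 16                  # toy block size n (3DES has n = 64)
HALF = BLOCK_BITS // 2
MASK = (1 << HALF) - 1

def _round(key: bytes, rnd: int, half: int) -> int:
    # Round function: first byte of SHA-256 over key, round number, half-block.
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]

def toy_encrypt(key: bytes, block: int) -> int:
    """4-round Feistel permutation on 16-bit blocks (constructed, not a real cipher)."""
    left, right = block >> HALF, block & MASK
    for rnd in range(4):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << HALF) | right

def cbc_encrypt(key: bytes, iv: int, plaintext_blocks):
    out, prev = [], iv
    for p in plaintext_blocks:
        prev = toy_encrypt(key, p ^ prev)   # C_i = E(P_i xor C_{i-1})
        out.append(prev)
    return out

def find_leaks(iv: int, ciphertext_blocks):
    """Return (i, j, P_i xor P_j) for each repeated block, using IV and ciphertext only."""
    chain = [iv] + ciphertext_blocks        # chain[i] is the block preceding C_i
    seen, leaks = {}, []
    for j, c in enumerate(ciphertext_blocks):
        if c in seen:
            i = seen[c]
            leaks.append((i, j, chain[i] ^ chain[j]))
        else:
            seen[c] = j
    return leaks

def demo(num_blocks: int = 4096, seed: int = 2005):
    """Encrypt random blocks, then check every recovered XOR against the real plaintext."""
    rng = random.Random(seed)               # constructed sample data
    key = bytes(rng.randrange(256) for _ in range(16))
    iv = rng.randrange(1 << BLOCK_BITS)
    pt = [rng.randrange(1 << BLOCK_BITS) for _ in range(num_blocks)]
    leaks = find_leaks(iv, cbc_encrypt(key, iv, pt))
    return len(leaks), all(pt[i] ^ pt[j] == x for i, j, x in leaks)

if __name__ == "__main__":
    count, all_correct = demo()
    print(f"{count} colliding blocks, all XOR leaks correct: {all_correct}")
```
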