On 4 Feb 2005, at 10:51 AM, Greg Rose wrote:


I'm surprised that no-one has said that ECB mode is "unsafe at any speed".



Because if they did, some smartass would chime in and say that ECB mode is perfectly fine at some speeds.


For example, you could safely encrypt one bit in ECB mode, particularly if you permitted, nay encouraged the other 63 or 127 to be arbitrary nigh unto random. Surely you don't need to have an IV and padding and all if the small block were random-padded.

We'd then get into a long debate over how many bits can be handled in such a system. 32? 127? 128?

Then some other smartass would suggest that it's more efficient in such a case to just XOR the key on the data and effectively just use a one-time pad. And then we'd digress into a rambling discussion on one-time pads and how practical they are in "real" applications.

Finally, some uber-smartass would point out that you can even get rid of the OTP by taking those small bits of data and padding appropriately and using a public-key op.

By then, we'd all have lost sight of the fact that the main topic here is whether 3DES is "broken" and that the answer is a simple, "no." (And it's a good thing that this is Cryptography, not Cypherpunks, as then there'd be another digression about Nader and how good the Corvair was or wasn't, along with URLs of nicely restored examples on eBay.)

This is why no one has had the temerity to suggest that ECB mode is unsafe at any speed.

        Helpfully,
        Jon


--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to