The NIST server is down.

Care to post the algorithm?

By the term "crib" do you mean a known-plaintext?

I'd like to see a proof that it is not possible to alter the final
block to make it
decrypt to all zeroes; that seems worse than CRCs and putting a CRC at the
end of the plaintext is a common, and often broken, way to do integrity
checking, because it's linear and allows the opponent to toggle bits in the
plaintext and fix the CRC without breaking the encryption.

I don't see how appending a hash of the plaintext could be a crib.  The
encryption prevents the opponent from knowing the plaintext, so
he wouldn't know what the hash preimage is.  If you encrypt the hash,
you basically have HMAC without using a keyed hash.

There are block modes that do integrity and encryption at the same time;
does this offer and advantage over them, and if so how?
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to