Jim Hughes writes:
>The IEEE P1619 standard group has dropped LRW mode. It has a
>vulnerability that there are collisions that will divulge the mixing
>key which will reduce the mode to ECB.

This is interesting.  Could you elaborate on this?  I suspect we could
all learn from the work the IEEE P1619 working group is doing.

I tried to trawl the P1619 mailing list archives to find some detailed
analysis on the topic of collisions, as you suggested, but I probably
wasn't looking in the right places.  The closest I found was this message:
which estimates that if one continuously accesses the disk for 4.6
years (roughly the average lifetime of a disk), the chances of seeing
a collision are about 1/2^29.  Is that the analysis that triggered the
concern over collisions?

Are there modes that beat the birthday bound on collisions while using
a 128-bit block cipher?  Are they proven secure beyond the birthday bound?
I'm a little behind on the latest developments in modes of operation.

It would be interesting to hear more about any interesting technical
developments from the P1619 group.
