On May 11, 2009, at 2:16 PM, Roland Dowdeswell wrote:

On 1241996128 seconds since the Beginning of the UNIX epoch
Jerry Leichter wrote:
I'm not convinced that a stream cipher is appropriate here because
if you change the data then you'll reveal the plaintext.
Well, XOR of old a new plaintext.  But point taken.

Sounds like this might actually be an argument for a stream cipher with a more sophisticated combiner than XOR. (Every time I've suggested that, the response has been "That doesn't actually add any strength, so why bother". And in simple data-in-motion encryption, that's certainly true.)

Perhaps Matt Ball's suggestion of XTS works; I don't see exactly what he's suggesting. There is certainly a parallel with disk encryption algorithms, but the problem is different: Using rsync inherently reveals what's changed in the cleartext (at least to some level of granularity), so trying to protect against an attack that reveals this information - something one worries about in disk encryption - is beside the point.
                                                        -- Jerry

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to