Jerry Leichter  wrote:
> CTR mode is dangerous unless you're also doing message authentication,  


That's true of CBC mode, too, and almost any other encryption mode.
Encryption without authentication is dangerous; if you need to encrypt,
you almost always need message authentication as well.

(I will agree that CTR mode encryption without message authentication
is often even more dangerous than CBC mode encryption without message
authentication, but usually neither is a good idea.)

Setting that minor nitpick aside, the discussion here seems like good

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to