On Thu, Dec 27, 2012 at 1:35 PM, Ben Laurie <[email protected]> wrote: > On Thu, Dec 27, 2012 at 9:18 AM, Russell Leidich <[email protected]> wrote: >> there are plenty of Googleable papers showing the Counter Mode is weak >> relative to (conventional) cipher-block-chaining (CBC) AES. > > Really? For example? I believe CTR mode is especially sensitive to key/nonce reuse. But you don't see the problem until you look at messages over time and space. Confer: CTR mode uses a predictable counter, while CBC mode uses a random (not unique) IV.
I could be wrong since I'm working from memory (it sucks getting old). I'd need to get into the literature to give you anything useful (citable). Jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
