----- Forwarded message from Wasa <wasabe...@gmail.com> -----
Date: Wed, 12 Jun 2013 15:32:02 +0100
From: Wasa <wasabe...@gmail.com>
To: cryptogra...@randombit.net
Subject: Re: [cryptography] [liberationtech] New Anonymity Network for Short Messages
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6
On 12/06/13 07:27, Eugen Leitl wrote:
> Additionally to this, CTR allows bit-level malleability of the cleartext:
> a bit flipped in a CTR cipherstream translates into a bit flipped in
> the cleartext.

All encryption modes usually provide confidentiality BUT NOT integrity. They have been designed to be CPA secure, not CCA secure. That's why you usually use a MAC along with it... it has nothing to do with CTR... The mode that provides both is GCM.

> In fact, if there are regions of known cleartext (such as zeroes) the
> adversary can do things like encode the originating IP in the cleartext
> simply by XORing it into the cipherstream.

In CBC, if you select the IV incorrectly, you also leak info. CBC is only CPA secure IFF the IVs are unpredictable.

> This property can cause problems if you perform any operations before
> checking the MAC (like evaluating a weak CRC to decide to forward the
> message or not).

This is also irrelevant. It's got nothing to do with CTR or other modes of encryption; this is all about how you perform authenticated encryption: you should do encrypt-then-MAC rather than something else.

If you want simple primitives to work with, you can have a look at http://nacl.cr.yp.to/ : implemented by cryptographers.

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
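The two points argued in the exchange above (CTR ciphertext is bit-malleable, and the fix is a MAC checked before anything else, i.e. encrypt-then-MAC) are shown below in a worked example. This is added editorial code, not code from either poster or from NaCl. It assumes a hypothetical CTR construction whose keystream blocks are SHA-256(key || nonce || counter) instead of AES, so that it runs with only the Python standard library; the malleability argument is identical for any CTR keystream because ciphertext is plaintext XOR keystream. Keys, nonce and plaintext are constructed test values; in real use the nonce must be unique per message under a given key.

```python
import hashlib
import hmac
import struct

# Constructed test values (NOT real keys). A real deployment derives
# separate encryption and MAC keys and never reuses a nonce with a key.
ENC_KEY = b"\x01" * 32
MAC_KEY = b"\x02" * 32
NONCE = b"\x03" * 16
# Plaintext with a region of known bytes (four zero bytes), as in the thread.
PLAINTEXT = b"\x00\x00\x00\x00 message body"


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Hypothetical CTR keystream: block i = SHA-256(key || nonce || i).

    Stands in for AES-CTR so the example has no third-party dependency.
    """
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return out[:length]


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR encryption and decryption are the same operation: XOR with keystream."""
    ks = ctr_keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def flip_ctr_ciphertext(ciphertext: bytes, offset: int,
                        known: bytes, desired: bytes) -> bytes:
    """Attacker's move: without the key, XOR (known ^ desired) into the
    ciphertext at `offset`; the receiver will decrypt `desired` there."""
    delta = bytes(a ^ b for a, b in zip(known, desired))
    c = bytearray(ciphertext)
    for i, d in enumerate(delta):
        c[offset + i] ^= d
    return bytes(c)


def etm_encrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: MAC covers nonce and ciphertext. Layout: nonce || ct || tag."""
    ct = ctr_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def etm_decrypt(enc_key: bytes, mac_key: bytes, message: bytes):
    """Verify the tag in constant time BEFORE touching the ciphertext.
    Returns the plaintext, or None if the message was modified."""
    if len(message) < 16 + 32:
        return None
    nonce, ct, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return ctr_xor(enc_key, nonce, ct)


def demo_malleability() -> bytes:
    """Unauthenticated CTR: the attacker writes the IP 10.0.0.1 into the
    known-zero region without knowing the key."""
    ct = ctr_xor(ENC_KEY, NONCE, PLAINTEXT)
    tampered = flip_ctr_ciphertext(ct, 0, b"\x00" * 4, bytes([10, 0, 0, 1]))
    return ctr_xor(ENC_KEY, NONCE, tampered)


def demo_etm_rejects() -> tuple:
    """Encrypt-then-MAC: honest message decrypts, same tampering is rejected."""
    msg = etm_encrypt(ENC_KEY, MAC_KEY, NONCE, PLAINTEXT)
    honest_ok = etm_decrypt(ENC_KEY, MAC_KEY, msg) == PLAINTEXT
    # Ciphertext starts at offset 16 (after the nonce) in the wire format.
    tampered = flip_ctr_ciphertext(msg, 16, b"\x00" * 4, bytes([10, 0, 0, 1]))
    tampered_rejected = etm_decrypt(ENC_KEY, MAC_KEY, tampered) is None
    return honest_ok, tampered_rejected


if __name__ == "__main__":
    print("unauthenticated CTR decrypts to:", demo_malleability())
    print("(honest accepted, tampered rejected) =", demo_etm_rejects())
```

The ordering in `etm_decrypt` is the whole point of the "check the MAC first" advice in the thread: nothing (no CRC, no parsing, no routing decision) is computed from the ciphertext until `hmac.compare_digest` has accepted it. NaCl's `crypto_secretbox`, mentioned above, packages exactly this discipline behind a single call.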