Ralph Holz ralph-cryptometz...@ralphholz.de writes:
CTR mode seems a better choice here. Without getting too technical, security
of CTR mode holds as long as the IVs used are fresh whereas security of CBC
mode requires IVs to be random.
Unfortunately CTR mode, being a stream cipher, fails
Ralph Holz ralph-cryptometz...@ralphholz.de writes:
CTR mode seems a better choice here. Without getting too technical, security
of CTR mode holds as long as the IVs used are fresh whereas security of CBC
mode requires IVs to be random.
Unfortunately CTR mode, being a stream cipher, fails
Ralph Holz writes:
He wanted to scrape off some additional bits when using AES-CBC because
the messages in his concept are very short (a few hundred bit). So he
I'd rather have a known-safe design than to save 12 bytes.
Seriously: what the hell.
Say you have 1-byte messages, and that the
Jerry Leichter wrote:
CTR mode is dangerous unless you're also doing message authentication,
Nitpick:
That's true of CBC mode, too, and almost any other encryption mode.
Encryption without authentication is dangerous; if you need to encrypt,
you almost always need message authentication as
Dear all,
A colleague dropped in yesterday and confronted me with the following.
He wanted to scrape off some additional bits when using AES-CBC because
the messages in his concept are very short (a few hundred bit). So he
was thinking about a variant of AES-CBC, where he uses just 32 (random)
CTR mode seems a better choice here. Without getting too technical,
security of CTR mode holds as long as the IVs used are fresh whereas
security of CBC mode requires IVs to be random.
In either case, a problem with a short IV (no matter what you do) is the
possibility of IVs repeating. If
Unfortunately I can't remember the author, but there was a paper
showing that an encrypted counter was secure to use as IVs for CBC
mode. So encrypting a shorter random IV should also be secure.
Greg.
On 2010 Jun 2, at 9:36 , Ralph Holz wrote:
Dear all,
A colleague dropped in yesterday
On Jul 9, 2010, at 1:55 12PM, Jonathan Katz wrote:
CTR mode seems a better choice here. Without getting too technical, security
of CTR mode holds as long as the IVs used are fresh whereas security of CBC
mode requires IVs to be random.
In either case, a problem with a short IV (no matter
On Jul 9, 2010, at 1:55 PM, Jonathan Katz wrote:
CTR mode seems a better choice here. Without getting too technical,
security of CTR mode holds as long as the IVs used are fresh
whereas security of CBC mode requires IVs to be random.
In either case, a problem with a short IV (no matter what
