Re: data under one key, was Re: analysis and implementation of LRW

2007-02-05 Thread Allen
Vlad SATtva Miller wrote: Allen wrote on 31.01.2007 01:02: I'll skip the rest of your excellent, and thought provoking post as it is future and I'm looking at now. From what you've written and other material I've read, it is clear that even if the horizon isn't as short as five years, it is

Re: data under one key, was Re: analysis and implementation of LRW

2007-02-05 Thread Leichter, Jerry
| Currently I'm dealing | with very large - though not as large as 4 gig - x-ray, MRI, and | similar files that have to be protected for the lifespan of the | person, which could be 70+ years after the medical record is | created. Think of the MRI of a kid to scan for some condition |

OTP, was Re: data under one key, was Re: analysis and implementation of LRW

2007-02-05 Thread Travis H.
On Sun, Feb 04, 2007 at 11:27:00PM -0500, Leichter, Jerry wrote: | 1) use a random key as large as the plaintext (one-time-pad) ...thus illustrating once again both the allure and the uselessness (in almost all situations) of one-time pads. For long-term storage, you are correct, OTP at best

Re: data under one key, was Re: analysis and implementation of LRW

2007-01-24 Thread Vlad "SATtva" Miller
Allen wrote on 31.01.2007 01:02: I'll skip the rest of your excellent, and thought provoking post as it is future and I'm looking at now. From what you've written and other material I've read, it is clear that even if the horizon isn't as short as five years, it is certainly shorter than 70.

data under one key, was Re: analysis and implementation of LRW

2007-01-30 Thread Travis H.
On Wed, Jan 24, 2007 at 03:28:50PM -0800, Allen wrote: If 4 gigs is right, would it then be records to look for to break the code via birthday attacks would be things like seismic data, In case anyone else couldn't parse this, he means the amount of encrypted material necessary to break the

Re: analysis and implementation of LRW

2007-01-25 Thread Allen
David Wagner wrote: [snip] Another possible interpretation of (2) is that if you use LRW to encrypt close to 2^64 blocks of plaintext, and if you are using a 128-bit block cipher, then you have a significant chance of a birthday collision, Am I doing the math correctly that 2^64 blocks of

Re: analysis and implementation of LRW

2007-01-25 Thread Victor Duchovni
On Wed, Jan 24, 2007 at 03:28:50PM -0800, Allen wrote: David Wagner wrote: [snip] Another possible interpretation of (2) is that if you use LRW to encrypt close to 2^64 blocks of plaintext, and if you are using a 128-bit block cipher, then you have a significant chance of a birthday

Re: analysis and implementation of LRW

2007-01-25 Thread Hal Finney
To clarify a couple of points with regard to IEEE P1619 and LRW. The original proposal which P1619 called LRW was actually a particular concrete instantiation of a general construction from the LRW paper (Liskov, Rivest and Wagner, Tweakable Block Ciphers, Crypto 02,

Re: analysis and implementation of LRW

2007-01-24 Thread Peter Gutmann
David Wagner [EMAIL PROTECTED] Jim Hughes writes: The IEEE P1619 standard group has dropped LRW mode. It has a vulnerability that that are collisions that will divulge the mixing key which will reduce the mode to ECB. Peter Gutmann asks: Is there any more information on this anywhere? I

Re: analysis and implementation of LRW

2007-01-24 Thread Peter Gutmann
David Wagner [EMAIL PROTECTED] writes: That is indeed an interesting requirement, and one that seems to legitimately rule out a number of existing modes of operation for IEEE P1619. From reading through the followup discussions, I think there's a strong desire to not standardise something that's

Re: analysis and implementation of LRW

2007-01-24 Thread David Wagner
Thanks to everyone who responded with more information about IEEE P1619. Here are some of the additional links, with my reactions: Andrea Pasquinucci points to: http://en.wikipedia.org/wiki/IEEE_P1619#LRW_issue Ben Laurie points to: http://grouper.ieee.org/groups/1619/email/msg00558.html

Re: analysis and implementation of LRW

2007-01-23 Thread Alexander Klimov
On Tue, 23 Jan 2007, Peter Gutmann wrote: The IEEE P1619 standard group has dropped LRW mode. It has a vulnerability that that are collisions that will divulge the mixing key which will reduce the mode to ECB. Is there any more information on this anywhere? I haven't been able to find

Re: analysis and implementation of LRW

2007-01-23 Thread Andrea Pasquinucci
On Tue, Jan 23, 2007 at 05:56:29PM +0200, Alexander Klimov wrote: * On Tue, 23 Jan 2007, Peter Gutmann wrote: * The IEEE P1619 standard group has dropped LRW mode. It has a vulnerability * that that are collisions that will divulge the mixing key which will reduce * the mode to ECB. * * Is

Re: analysis and implementation of LRW

2007-01-23 Thread Ben Laurie
David Wagner wrote: Jim Hughes writes: The IEEE P1619 standard group has dropped LRW mode. It has a vulnerability that that are collisions that will divulge the mixing key which will reduce the mode to ECB. This is interesting. Could you elaborate on this? I suspect we could all

Re: analysis and implementation of LRW

2007-01-23 Thread David Wagner
Jim Hughes writes: The IEEE P1619 standard group has dropped LRW mode. It has a vulnerability that that are collisions that will divulge the mixing key which will reduce the mode to ECB. Peter Gutmann asks: Is there any more information on this anywhere? I haven't been able to find anything

analysis and implementation of LRW

2007-01-16 Thread Roland Dowdeswell
In the last couple of days I have been considering implementing an LRW mode for CGD (http://www.imrryr.org/~elric/cgd) (CryptoGraphic Disk), but I haven't really seen a lot of cryptanalysis of it or found the canonical implementation. Has anyone here done the research? And if it is generally