On Tue, Dec 27, 2005 at 11:34:15PM +, Ben Laurie wrote:
If you don't have sufficient plain/ciphertext, then of course you can
choose incorrect pairs.
Yep - that's my point. The thing to note is that for an arbitrary
permutation, knowing the image of n plaintexts tells you (almost)
nothing
On 12/26/05, Ben Laurie [EMAIL PROTECTED] wrote:
Surely if you do this, then there's a meet-in-the middle attack: for a
plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and
decrypt C. If E_A(P)=D_B(C), then your key was A.B, which reduces the
strength of your cipher from 2^x
On Tue, Dec 27, 2005 at 03:26:59AM -0600, Travis H. wrote:
On 12/26/05, Ben Laurie [EMAIL PROTECTED] wrote:
Surely if you do this, then there's a meet-in-the middle attack: for a
plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and
decrypt C. If E_A(P)=D_B(C), then your
On Dec 21, 2005, at 0:10, Ben Laurie wrote:
Good ciphers aren't permutations, though, are they? Because if they
were, they'd be groups, and that would be bad.
A given cipher, with a given key, is a permutation of blocks.
(Assuming output blocks and input blocks are the same size.) It may
Matt Crawford wrote:
On Dec 21, 2005, at 0:10, Ben Laurie wrote:
Good ciphers aren't permutations, though, are they? Because if they
were, they'd be groups, and that would be bad.
A given cipher, with a given key, is a permutation of blocks. (Assuming
output blocks and input blocks are the
Actually, by definition, a cipher should be a permutation from the set
of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective
or it isn't an encryption algorithm.
Therefore, if you want an ergodic sequence of size 2^N, a counter
encrypted under an N bit block cipher will do it.
Good ciphers aren't permutations, though, are they? Because if they
were, they'd be groups, and that would be bad.
Actually, by definition, a cipher should be a permutation from the set
of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective
or it isn't an encryption
On 12/21/05, Perry E. Metzger [EMAIL PROTECTED] wrote:
Good ciphers aren't permutations, though, are they? Because if they
were, they'd be groups, and that would be bad.
Actually, by definition, a cipher should be a permutation from the set
of plaintexts to the set of ciphertexts. It has to
Jack Lloyd wrote:
On Mon, Dec 12, 2005 at 12:20:26AM -0600, Travis H. wrote:
2) While CTR mode with a random key is sufficient for creating a
permutation of N-bit blocks for a fixed N, is there a general-purpose
way to create a N-bit permutation, where N is a variable? How about
picking a
Ben Laurie [EMAIL PROTECTED] writes:
Jack Lloyd wrote:
On Mon, Dec 12, 2005 at 12:20:26AM -0600, Travis H. wrote:
2) While CTR mode with a random key is sufficient for creating a
permutation of N-bit blocks for a fixed N, is there a general-purpose
way to create a N-bit permutation, where N
On Mon, 12 Dec 2005, Travis H. wrote:
One thing I haven't seen from a PRNG or HWRNG library or device is an
unpredictable sequence which does not repeat; in other words, a
[cryptographically strong?] permutation. This could be useful in all
Rich Schroeppel tells me his Hasty Pudding cipher
On Mon, Dec 12, 2005 at 12:20:26AM -0600, Travis H. wrote:
2) While CTR mode with a random key is sufficient for creating a
permutation of N-bit blocks for a fixed N, is there a general-purpose
way to create a N-bit permutation, where N is a variable? How about
picking a cryptographically
12 matches
Mail list logo
