On Tue, Dec 15, 2015 at 4:59 PM, Henrick Hellström <[email protected]> wrote:
> On 2015-12-16 01:31, Watson Ladd wrote:
>> You don't understand the issue. The issue is PRP not colliding, whereas
>> PRF can.
>
> Oh, but I concur. This means that if you observe two same valued cipher
> text blocks, you know that the corresponding key stream blocks can't be
> identical,

That assumes that the plaintext is identical, no? That may be true in some
limited cases, but isn't generally true

-Ekr

> and deduce that the corresponding plain text blocks have to be different.
> Such observations consequently leak information about the plain text, in
> the rare and unlikely event they actually occur.
>
> However, calling it an exploitable weakness is a bit of a stretch. AES-CBC
> is likely to lose confidentiality slightly faster, for typical plain texts.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
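The observation being argued about (a PRP-based keystream, as in AES-CTR, never repeats a keystream block for distinct counters, so two equal ciphertext blocks imply two different plaintext blocks; a PRF-based keystream can collide, so that deduction is not guaranteed) can be checked in a toy model. The following is an added example written for this page, not code from either poster; it assumes an 8-bit block size (so that the event is frequent enough to observe, whereas with AES's 128-bit blocks it would be astronomically rare), stand-in random tables in place of a real cipher, and constructed low-entropy plaintexts drawn from a four-symbol alphabet.

```python
"""Toy model of the PRP-versus-PRF keystream observation from the thread above.

Assumption: the block size is shrunk to 8 bits so collisions actually occur;
the PRP and PRF are random tables, not AES.  Plaintexts are constructed.
"""
import random

BLOCK_BITS = 8
BLOCK_SPACE = 1 << BLOCK_BITS


def make_prp(key):
    """Random permutation of the block space: stand-in for a block cipher (PRP).
    Distinct inputs always give distinct outputs."""
    table = list(range(BLOCK_SPACE))
    random.Random(f"prp-{key}").shuffle(table)
    return table.__getitem__


def make_prf(key):
    """Random function on the block space: stand-in for a PRF.
    Distinct inputs may give the same output."""
    rng = random.Random(f"prf-{key}")
    table = [rng.randrange(BLOCK_SPACE) for _ in range(BLOCK_SPACE)]
    return table.__getitem__


def ctr_encrypt(keystream_fn, plaintext):
    """CTR mode: block i is XORed with keystream_fn(i); counters never repeat."""
    return [p ^ keystream_fn(i) for i, p in enumerate(plaintext)]


def equal_ciphertext_pairs(ciphertext):
    """Positions (i, j) holding identical ciphertext blocks: the observable event."""
    return [(i, j)
            for i in range(len(ciphertext))
            for j in range(i + 1, len(ciphertext))
            if ciphertext[i] == ciphertext[j]]


def count_false_deductions(plaintext, ciphertext):
    """The observer deduces 'plaintext[i] != plaintext[j]' for every equal
    ciphertext pair.  Count how often that deduction is wrong, which can only
    happen when keystream block i equals keystream block j."""
    return sum(1 for i, j in equal_ciphertext_pairs(ciphertext)
               if plaintext[i] == plaintext[j])


def experiment(make_keystream, trials=200, blocks=64, alphabet=4):
    """Encrypt constructed low-entropy messages (symbols from a small alphabet,
    mimicking repetitive plaintext) under fresh keys and return
    (equal ciphertext pairs observed, deductions that were wrong)."""
    rng = random.Random("constructed-plaintext")
    observed = wrong = 0
    for key in range(trials):
        pt = [rng.randrange(alphabet) for _ in range(blocks)]
        ct = ctr_encrypt(make_keystream(key), pt)
        observed += len(equal_ciphertext_pairs(ct))
        wrong += count_false_deductions(pt, ct)
    return observed, wrong


if __name__ == "__main__":
    # With a PRP keystream the deduction is never wrong; with a PRF it can be.
    print("PRP keystream (pairs observed, false deductions):", experiment(make_prp))
    print("PRF keystream (pairs observed, false deductions):", experiment(make_prf))
```

Under the PRP the second number is always zero: C_i == C_j means P_i xor P_j == K_i xor K_j, and K_i != K_j for distinct counters, so P_i != P_j regardless of what the plaintext is. Under the PRF the keystream can repeat, and the same observation carries no such guarantee. Note the amount leaked per event is one bit of relational information (two blocks differ), and the event itself has probability on the order of 2^-128 per pair at AES block size, which is the "rare and unlikely" qualification in the quoted message.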
