Jim Hughes writes:
> The IEEE P1619 standard group has dropped LRW mode. It has a
> vulnerability that there are collisions that will divulge the mixing
> key which will reduce the mode to ECB.
This is interesting. Could you elaborate on this? I suspect we could all learn from the work the IEEE P1619 working group is doing.

I tried to trawl the P1619 mailing list archives to find some detailed analysis on the topic of collisions, as you suggested, but I probably wasn't looking in the right places. The closest I found was this message:

http://grouper.ieee.org/groups/1619/email/msg01322.html

which estimates that if one continuously accesses the disk for 4.6 years (roughly the average lifetime of a disk), the chances of seeing a collision are about 1/2^29. Is that the analysis that triggered the concern over collisions?

Are there modes that beat the birthday bound on collisions while using a 128-bit block cipher? Are they proven secure beyond the birthday bound? I'm a little behind on the latest developments in modes of operation. It would be interesting to hear more about any interesting technical developments from the P1619 group.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
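The collision leak the thread is discussing, as an added worked example that is not part of either message and not the P1619 group's own analysis. It assumes the textbook LRW definition (C = E_K1(P xor T) xor T with T = K2 * i in GF(2^128), i being the block index), uses a SHA-256 keyed map as a stand-in for the block cipher, and constructs the colliding plaintext pair directly instead of waiting for a birthday collision over roughly 2^64 blocks. All key names, sector numbers and sample data are constructed for the illustration.

```python
"""Added illustration: an input collision in LRW leaks the mixing key K2.

If two blocks i, j collide at the block-cipher input (P_i xor T_i == P_j xor T_j)
then E_K1 gives the same output for both, so C_i xor C_j == T_i xor T_j ==
K2 * (i xor j).  An attacker who knows the two plaintexts can therefore solve
for K2, and with K2 known can strip the mixing and compare raw cipher outputs
across sectors, which is the ECB-style leakage the quoted message refers to.
"""
import hashlib

BLOCK = 16
POLY = (1 << 128) | 0x87   # x^128 + x^7 + x^2 + x + 1 (the GCM/XTS polynomial; assumed here)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^128) elements; integer bit k represents x^k."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:          # degree reached 128: reduce modulo POLY
            a ^= POLY
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^(2^128 - 2) (Fermat in GF(2^128))."""
    result, base, e = 1, a, (1 << 128) - 2
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def toy_block_cipher(k1: bytes, x: bytes) -> bytes:
    """Stand-in for the real block cipher (assumption: any deterministic keyed
    128-bit map works here, since the leak only uses equal-input => equal-output)."""
    return hashlib.sha256(k1 + x).digest()[:BLOCK]


def lrw_encrypt_block(k1: bytes, k2: int, index: int, pt: bytes) -> bytes:
    """LRW: C = E_K1(P xor T) xor T, with T = K2 * index in GF(2^128)."""
    t = gf_mul(k2, index).to_bytes(BLOCK, "big")
    return xor(toy_block_cipher(k1, xor(pt, t)), t)


def find_collision(known):
    """known: list of (index, plaintext, ciphertext) triples.  An input collision
    shows up as equal P xor C at two indexes (a false match between non-colliding
    blocks has probability 2^-128 per pair)."""
    seen = {}
    for i, p, c in known:
        key = xor(p, c)
        if key in seen:
            return seen[key], (i, p, c)
        seen[key] = (i, p, c)
    return None


def recover_k2(known):
    """Return K2 as an integer, or None if no collision is present in `known`."""
    hit = find_collision(known)
    if hit is None:
        return None
    (i, pi, _), (j, pj, _) = hit
    # Collision means P_i xor T_i == P_j xor T_j, hence P_i xor P_j == K2 * (i xor j).
    diff = int.from_bytes(xor(pi, pj), "big")
    return gf_mul(diff, gf_inv(i ^ j))


def strip_mixing(k2: int, index: int, ct: bytes) -> bytes:
    """With K2 known, C xor T is the raw E_K1 output: equal values across blocks
    now reveal equal (tweaked) inputs exactly as ECB would."""
    return xor(ct, gf_mul(k2, index).to_bytes(BLOCK, "big"))


# Constructed keys for the demonstration (not real key material).
K1 = hashlib.sha256(b"constructed K1").digest()
K2 = int.from_bytes(hashlib.sha256(b"constructed K2").digest()[:BLOCK], "big")


def constructed_known_plaintexts():
    """Constructed sample: sectors 1..5 hold unrelated data; sector 9 holds
    P_5 xor K2*(5 xor 9), the colliding pair that a birthday search over ~2^64
    known-plaintext blocks would otherwise have to find by luck."""
    blocks = {i: hashlib.sha256(b"sector%d" % i).digest()[:BLOCK] for i in (1, 2, 3, 4, 5)}
    blocks[9] = xor(blocks[5], gf_mul(K2, 5 ^ 9).to_bytes(BLOCK, "big"))
    return [(i, p, lrw_encrypt_block(K1, K2, i, p)) for i, p in sorted(blocks.items())]


if __name__ == "__main__":
    known = constructed_known_plaintexts()
    k2_found = recover_k2(known)
    print("K2 recovered:", k2_found == K2)
    c5, c9 = known[4][2], known[5][2]
    print("stripped outputs equal:", strip_mixing(K2, 5, c5) == strip_mixing(K2, 9, c9))
```

The detection step relies on the attacker knowing the plaintext of both colliding blocks; the recovered K2 then removes the per-block mixing from every ciphertext, so two sectors whose plaintexts differ by exactly K2*(i xor j) become distinguishable as equal, which is why the quoted message describes the result as a reduction to ECB.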