On Wed, Jan 24, 2007 at 03:28:50PM -0800, Allen wrote: > > > David Wagner wrote: > > [snip] > > >Another possible interpretation of (2) is that if you use LRW to encrypt > >close to 2^64 blocks of plaintext, and if you are using a 128-bit block > >cipher, then you have a significant chance of a birthday collision, > > Am I doing the math correctly that 2^64 blocks of 128 bits is > 2^32 bytes or about 4 gigs of data? Or am I looking at this the > wrong way?
This is quite wrong. 2^64 * 2^4 = 2^68 not 2^32, I don't know where you lost the factor 2^36, but it sure makes a big difference. -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]