Had me going for a minute. I had to check http://condor.securephone.net/documents/fnbdt_brief.pdf as well as the dual counter mode description. I thought dual counter might refer to the two half blocks found in the FNBDT Counter Mode (which is instead the counter mode described by Lipmaa/Rogaway/Wagner). Are there any references/urls/notes describing an analysis of dual counter mode? I searched web sites and NISTs Mode of Operation Forum. The only thing readily apparent is that it appears to be inspired by the desire to generate new protocols. While FNBDT has been said to have been implemented via wireless IP on notebooks, I can sympathize with accumulating overhead - especially in narrowband applications. "R. A. Hettinga" wrote: > > --- begin forwarded text > > Reply-To: <[EMAIL PROTECTED]> > From: "Paulo S. L. M. Barreto" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: NSA's new mode of operation broken in less than 24 hours > Date: Thu, 2 Aug 2001 22:40:32 -0300 > Sender: [EMAIL PROTECTED] > > NSA has recently convinced NIST to include a new algorithm - something they > dubbed "Double Counter" mode after 18 months of development - for > consideration as a possible standard mode of operation for the AES. It's > described at <http://csrc.nist.gov/encryption/modes/proposedmodes/>, but I > wouldn't bother reading it now had I not done it already. The new mode seems > to have been reduced to bits by Phillip Rogaway, David Wagner and others. > > Could it be that the NSA is losing its proverbial cryptologic skills? For > one can't help but conclude that, if they acted in good faith to provide a > useful mode, then they did a very poor job, and if they acted otherwise, > then they quite underestimate current public knowledge in the area. > > Paulo Barreto. > -- remove "no_spam_" from Reply-to address --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]