Jerry Leichter wrote:
> CTR mode is dangerous unless you're also doing message authentication,
Nitpick:
That's true of CBC mode, too, and almost any other encryption mode.
Encryption without authentication is dangerous; if you need to encrypt,
you almost always need message authentication as w
Ralph Holz writes:
> He wanted to scrape off some additional bits when using AES-CBC because
> the messages in his concept are very short (a few hundred bit). So he
I'd rather have a known-safe design than to save 12 bytes.
Seriously: what the hell.
Say you have 1-byte messages, and that the cr
Ralph Holz writes:
>CTR mode seems a better choice here. Without getting too technical, security
>of CTR mode holds as long as the IVs used are "fresh" whereas security of CBC
>mode requires IVs to be random.
Unfortunately CTR mode, being a stream cipher, fails completely if the
IV's/keys aren't
Ralph Holz writes:
>CTR mode seems a better choice here. Without getting too technical, security
>of CTR mode holds as long as the IVs used are "fresh" whereas security of CBC
>mode requires IVs to be random.
Unfortunately CTR mode, being a stream cipher, fails completely if the
IV's/keys aren't
On Jul 9, 2010, at 1:55 PM, Jonathan Katz wrote:
CTR mode seems a better choice here. Without getting too technical,
security of CTR mode holds as long as the IVs used are "fresh"
whereas security of CBC mode requires IVs to be random.
In either case, a problem with a short IV (no matter wha
On Jul 9, 2010, at 1:55 12PM, Jonathan Katz wrote:
> CTR mode seems a better choice here. Without getting too technical, security
> of CTR mode holds as long as the IVs used are "fresh" whereas security of CBC
> mode requires IVs to be random.
>
> In either case, a problem with a short IV (no
Unfortunately I can't remember the author, but there was a paper
showing that an encrypted counter was secure to use as IVs for CBC
mode. So encrypting a shorter random IV should also be secure.
Greg.
On 2010 Jun 2, at 9:36 , Ralph Holz wrote:
Dear all,
A colleague dropped in yesterday an
CTR mode seems a better choice here. Without getting too technical,
security of CTR mode holds as long as the IVs used are "fresh" whereas
security of CBC mode requires IVs to be random.
In either case, a problem with a short IV (no matter what you do) is the
possibility of IVs repeating. If y