On 5/17/06, Kuehn, Ulrich [EMAIL PROTECTED] wrote:
Given known plaintext and corresponding ciphertext, there should not be too
many keys that map the plaintext to the ciphertext. I don't have the
probability at hand of how many such 'collisions' you would expect from 256 random
permutations, but

On 5/18/06, Travis H. [EMAIL PROTECTED] wrote:
... There are 255 other permutations, so the chance that there is
at least one k' such that f_k'(x)=y is 255/256 = 99.6%. The chance
that there is exactly one such k' is sampling with replacement and if
I am not mistaken P(|K|=1) = (255/256)^255 =

Travis H. [EMAIL PROTECTED] writes:
On 5/14/06, Victor Duchovni [EMAIL PROTECTED] wrote:
Security is fragile. Deviating from well understood primitives may be
good research, but is not good engineering. Especially fragile are:
Point taken. This is not for a production system, it's a

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
The thing I've always wondered about stream ciphers is why we only
talk about linear ones. A stream cipher is fundamentally constructed
of two things: A stream of bits (alleged to be unpredictable) as
long as

* Travis H.:
IIUC, protocol design _should_ be easy, you just perform some
finite-state analysis and verify that, assuming your primitives are
ideal, no protocol-level operations break it.
Is this still true if you don't know your actual requirements?

| - Stream ciphers (additive)
|
| This reminds me, when people talk about linearity with regard to a
| function, for example CRCs, exactly what sense of the word do they
| mean? I can understand f(x) = ax + b being linear, but how exactly
| does XOR get involved, and are there +-linear

On 5/15/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Other than a post by a guy - Terry someone or another - on sci.crypt
a number of years ago - I've never seen any work in this direction.
Is there stuff I'm not aware of?
That would probably be Terry Ritter, www.ciphersbyritter.com.
He calls

Travis H. writes:
Excellent point. When I wrote that I had strongly universal hashes in
mind, like UMAC, where the hash is chosen from a family of functions
based on some secret data shared by sender and recipient. I
mistakenly conflated them with ordinary hashes (which they are, once
you

Travis H. wrote:
- Stream ciphers (additive)
This reminds me, when people talk about linearity with regard to a
function, for example CRCs, exactly what sense of the word do they
mean? I can understand f(x) = ax + b being linear, but how exactly
does XOR get involved, and are there +-linear

So...
Suppose I want a function to provide integrity and authentication, and
that is to be combined with a stream cipher (as is the plaintext). I
believe that authentication is free once I have integrity given the
fact that the hash value is superencrypted using the stream cipher,
whose key is

On Sun, May 14, 2006 at 03:04:41AM -0500, Travis H. wrote:
Suppose I want a function to provide integrity and authentication, and
that is to be combined with a stream cipher (as is the plaintext). I
believe that authentication is free once I have integrity given the
fact that the hash value

On 5/14/06, Eric Rescorla [EMAIL PROTECTED] wrote:
Consider the case where you're transmitting message M. The
hash is H(M). You then encrypt (M || H(M)), generating
K XOR (M || H(M)). If the attacker knows M and H, he can
compute (M || H(M)) and compute K. Then he can re-encrypt
a message M' of

On 5/14/06, Victor Duchovni [EMAIL PROTECTED] wrote:
Security is fragile. Deviating from well understood primitives may be
good research, but is not good engineering. Especially fragile are:
Point taken. This is not for a production system, it's a research thing.

TLS (available via OpenSSL)
- Stream ciphers (additive)
This reminds me, when people talk about linearity with regard to a
function, for example CRCs, exactly what sense of the word do they
mean? I can understand f(x) = ax + b being linear, but how exactly
does XOR get involved, and are there +-linear functions and

On Sun, May 14, 2006 at 07:56:17PM -0500, Travis H. wrote:
On 5/14/06, Victor Duchovni [EMAIL PROTECTED] wrote:
Security is fragile. Deviating from well understood primitives may be
good research, but is not good engineering. Especially fragile are:
Point taken. This is not for a