Peter wrote:
> Yup. Actually the no-stored-IV encryption was never designed
> to be a non-malleable cipher mode, the design goal was to
> allow encryption-with-IV without having to explicitly store
> an IV. For PWRI it has the additional nice feature of
> avoiding collisions when you use a
On Sat, May 11, 2002 at 04:01:11AM +1200, Peter Gutmann wrote:
| General rant: It's amazing that there doesn't seem to be any published research
| on such a fundamental crypto mechanism, with the result that everyone has to
| invent their own way of doing it, usually badly. We don't even have
Adam Back <[EMAIL PROTECTED]> writes:
>I can see that, but the security of CBC MAC relies on the secrecy of the
>ciphertexts leading up to the last block. In the case of the mode you
>describe in RFC3211, the ciphertexts are not revealed directly but they are
>protected under a mode which has th