RE: attack on rfc3211 mode (Re: disk encryption modes)

2002-05-27 Thread Lucky Green
Peter wrote: Yup. Actually the no-stored-IV encryption was never designed to be a non-malleable cipher mode, the design goal was to allow encryption-with-IV without having to explicitly store an IV. For PWRI it has the additional nice feature of avoiding collisions when you use a

Re: attack on rfc3211 mode (Re: disk encryption modes)

2002-05-10 Thread Peter Gutmann
Adam Back [EMAIL PROTECTED] writes: I can see that, but the security of CBC MAC relies on the secrecy of the ciphertexts leading up to the last block. In the case of the mode you describe in RFC3211, the ciphertexts are not revealed directly but they are protected under a mode which has the

Re: attack on rfc3211 mode (Re: disk encryption modes)

2002-05-10 Thread Adam Shostack
On Sat, May 11, 2002 at 04:01:11AM +1200, Peter Gutmann wrote: | General rant: It's amazing that there doesn't seem to be any published research | on such a fundamental crypto mechanism, with the result that everyone has to | invent their own way of doing it, usually badly. We don't even

attack on rfc3211 mode (Re: disk encryption modes)

2002-04-29 Thread Adam Back
On Mon, Apr 29, 2002 at 11:58:46AM +1200, Peter Gutmann wrote: Adam Back [EMAIL PROTECTED] writes: | [RFC3211 mode] are you sure it's not vulnerable to splicing attacks (swapping ciphertext blocks around to get a partial plaintext change which recovers after a block or two)? CBC
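The splicing attack Adam Back asks about above, worked through on plain CBC as an added example (this is not code from the thread, and it does not model the RFC 3211 PWRI construction itself, whose details the thread does not reproduce). The block cipher is a toy 4-round Feistel network built from HMAC-SHA256, an assumption made only so the script runs on the Python standard library; it is not a vetted cipher, and the behaviour shown depends only on the CBC chaining rule. The key, IV and plaintext are constructed test values. `splice()` copies ciphertext block `src` over block `dst` without any key; decryption then garbles block `dst` and block `dst+1` and recovers from `dst+2` onward, and `predict_splice()` shows that an attacker who knows the original plaintext can compute exactly what those two garbled blocks decrypt to.

```python
# Added example, not from the original thread: CBC block-splicing malleability.
# Toy cipher: 4-round Feistel over 16-byte blocks with an HMAC-SHA256 round
# function (assumption for runnability only; NOT a real cipher).
import hashlib
import hmac

BLOCK = 16
HALF = BLOCK // 2
ROUNDS = 4

# Constructed demo values (not real secrets): 6 labelled plaintext blocks.
KEY = bytes(range(16))
IV = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_PLAINTEXT = b"".join(f"block {i:02d}".ljust(BLOCK).encode() for i in range(6))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed PRF truncated to one half-block; the round index separates rounds.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Run the Feistel rounds in reverse; each round is its own inverse structurally.
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_function(key, rnd, left)), left
    return left + right


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # C[i] = E(P[i] XOR C[i-1]), with C[-1] = IV. Plaintext must be block-aligned.
    assert len(plaintext) % BLOCK == 0
    prev, out = iv, []
    for p in blocks(plaintext):
        prev = encrypt_block(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # P[i] = D(C[i]) XOR C[i-1]: each plaintext block depends on only two
    # ciphertext blocks, which is exactly what makes splicing self-healing.
    prev, out = iv, []
    for c in blocks(ciphertext):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def splice(ciphertext: bytes, dst: int, src: int) -> bytes:
    """Attacker step: overwrite ciphertext block dst with a copy of block src. No key needed."""
    cb = blocks(ciphertext)
    cb[dst] = cb[src]
    return b"".join(cb)


def changed_blocks(key: bytes, iv: bytes, plaintext: bytes, spliced: bytes) -> list:
    """Indices of plaintext blocks that differ after decrypting the spliced ciphertext."""
    return [i for i, (a, b) in enumerate(zip(blocks(plaintext), blocks(cbc_decrypt(key, iv, spliced)))) if a != b]


def predict_splice(plaintext: bytes, iv: bytes, ciphertext: bytes, dst: int, src: int):
    """Attacker's key-free prediction of blocks dst and dst+1 after the splice.
    P'[dst]   = D(C[src]) XOR C[dst-1] = P[src] XOR C[src-1] XOR C[dst-1]
    P'[dst+1] = D(C[dst+1]) XOR C[src] = P[dst+1] XOR C[dst] XOR C[src]  (None if no next block)
    """
    p, c = blocks(plaintext), blocks(ciphertext)
    prev = lambda k: iv if k == 0 else c[k - 1]
    new_dst = _xor(_xor(p[src], prev(src)), prev(dst))
    new_next = None if dst + 1 >= len(c) else _xor(_xor(p[dst + 1], c[dst]), c[src])
    return new_dst, new_next


if __name__ == "__main__":
    ct = cbc_encrypt(KEY, IV, SAMPLE_PLAINTEXT)
    for dst, src in [(2, 4), (5, 0)]:
        print(f"splice C[{src}] -> C[{dst}]: changed plaintext blocks {changed_blocks(KEY, IV, SAMPLE_PLAINTEXT, splice(ct, dst, src))}")
```

Swapping two blocks is the same attack applied twice, so it garbles up to three or four blocks instead of two; in either case CBC recovers on its own, which is why a mode used for key wrapping needs an integrity check and cannot rely on CBC error propagation to detect tampering.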