On Dec 16, 2005, at 12:18 PM, Michael Torla wrote:
Although I am aware of no attacks on AES-ECB today, one may be identified in the future.
Other than the obvious dictionary attack...
I should think it would be desirable to make the LRW somewhat stronger than the base cryptographic algorithm if possible.
We are not here to increase the security of the algorithm, or to be "armchair cryptographers" improving something for reasons we don't understand. We should choose and use the algorithm in the securest manner possible. My experience has shown that doing this kind of tinkering, more often than not, only increases the user's perception of security, not the actual security of the system. An example (that does not apply to this situation) is that many people claim compressing before encryption whitens the data, making known plaintext attacks "harder" because the underlying crypto is soft. This is a lot of work, and at the end of the day the attacker can just send incompressible data and the countermeasure is toast.
Let's stick to modes.