[EMAIL PROTECTED] wrote: > [...] However, being a one-to-one > mapping, one important manipulation is still possible: changing the > ciphertext will cause the deciphered plaintext to be different. > Therefore, it is not true, that the plaintext is *randomized*, > contrary to the common believes.
This last sentence is plain wrong. The plaintext is randomized, over a set whose size is 2^n-1 instead of 2^n. You will never detect the difference between this and a set of size 2^n in your lifetime. Put in other words, even if this was truly random (rather than "truly random but different than the original text" as it is in LRW) you will never get the original plaintext back. For all intents and purposes the plaintext is randomized. >> Because of the environment being protected, there was the additional >> requirement that LRW be length-preserving. > > I don't think this requirement has anything to do with environment > protection ;-) . It is only a practical convenience, and its importance > is controversial. I fully agree here. There may be cases where length-preserving encryption is absolutely needed, but I'm very skeptical about there being many such cases. -- Shai
