IGE mode in OpenSSL
Travis H.
solinym at gmail.com
Mon Sep 4 17:09:53 EDT 2006
The NIST server is down.
Care to post the algorithm?

By the term "crib" do you mean a known-plaintext?

I'd like to see a proof that it is not possible to alter the final
block to make it decrypt to all zeroes; that seems worse than CRCs,
and putting a CRC at the end of the plaintext is a common, and often
broken, way to do integrity checking, because it's linear and allows
the opponent to toggle bits in the plaintext and fix the CRC without
breaking the encryption.

I don't see how appending a hash of the plaintext could be a crib. The
encryption prevents the opponent from knowing the plaintext, so
he wouldn't know what the hash preimage is. If you encrypt the hash,
you basically have HMAC without using a keyed hash.

There are block modes that do integrity and encryption at the same time;
does this offer an advantage over them, and if so how?
--
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
---------------------------------------------------------------------
The Cryptography Mailing List
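
The CRC weakness mentioned in the message above, as an added example that is not part of the original post: a CRC-32 appended to the plaintext still verifies after bits are toggled under an XOR-style cipher, while a keyed HMAC over the ciphertext rejects the same change. The keystream construction, keys, message and all function names are constructed for illustration, and the sketch assumes a stream cipher rather than IGE.

```python
import hashlib, hmac, zlib

def keystream(key, n):
    # Constructed stand-in stream cipher (SHA-256 in counter mode), illustration only.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal_crc(key, msg):
    # Weak scheme from the message: CRC-32 appended to the plaintext, then encrypted.
    body = msg + zlib.crc32(msg).to_bytes(4, "big")
    return xor(body, keystream(key, len(body)))

def open_crc(key, ct):
    body = xor(ct, keystream(key, len(ct)))
    msg, tag = body[:-4], body[-4:]
    return msg if zlib.crc32(msg).to_bytes(4, "big") == tag else None

def crc_fixup(delta):
    # CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(00...0),
    # so the change to the CRC field depends only on delta, not on m or the key.
    return (zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))).to_bytes(4, "big")

def seal_mac(enc_key, mac_key, msg):
    # Contrast: keyed MAC over the ciphertext (encrypt-then-MAC).
    ct = xor(msg, keystream(enc_key, len(msg)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_mac(enc_key, mac_key, blob):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return xor(ct, keystream(enc_key, len(ct))) if hmac.compare_digest(tag, good) else None

def demo():
    enc_key, mac_key = b"E" * 16, b"M" * 16        # constructed keys
    msg = b"PAY 0100 TO ALICE"                     # constructed plaintext
    delta = bytearray(len(msg)); delta[4] = 0x09   # toggle bits in byte 4 only
    delta = bytes(delta)
    ct = seal_crc(enc_key, msg)
    altered = xor(ct, delta + crc_fixup(delta))    # computed without any key
    blob = seal_mac(enc_key, mac_key, msg)
    tampered = xor(blob[:-32], delta) + blob[-32:]
    return open_crc(enc_key, altered), open_mac(enc_key, mac_key, tampered)

if __name__ == "__main__":
    print(demo())
```

The first result is the altered plaintext accepted by the CRC check; the second is `None` because the HMAC comparison fails.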