[Cryptography] [Crypto-practicum] Justify the sequence of operations in CTR mode.
Ray Dillinger
bear at sonic.net
Fri Feb 12 15:58:00 EST 2016
Agh, you're absolutely right about a chosen plaintext distinguishing
attack. If the attacker knows (or can arrange) that some portion of
the plaintext differs by exactly sequential numbers in each block, they
can tell where in the ciphertext that plaintext actually is - thus
know, eg, where to target if they want to mess nearby blocks up.
So, crap, the op just got more expensive by a hash operation. Doesn't
have to be a heck of a great hash operation but it has to obscure
patterns.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160212/3bc6a74f/attachment.sig>
More information about the cryptography
mailing list