NSA's new mode of operation broken in less than 24 hours

R. A. Hettinga rah at shipwright.com
Fri Aug 3 10:50:34 EDT 2001


--- begin forwarded text


Reply-To: <paulo.barreto at terra.com.br>
From: "Paulo S. L. M. Barreto" <paulo.barreto at terra.com.br>
To: <coderpunks at toad.com>
Subject: NSA's new mode of operation broken in less than 24 hours
Date: Thu, 2 Aug 2001 22:40:32 -0300
Sender: owner-coderpunks at toad.com

NSA has recently convinced NIST to include a new algorithm - something they
dubbed "Double Counter" mode after 18 months of development - for
consideration as a possible standard mode of operation for the AES. It's
described at <http://csrc.nist.gov/encryption/modes/proposedmodes/>, but I
wouldn't bother reading it now had I not done it already. The new mode seems
to have been reduced to bits by Phillip Rogaway, David Wagner and others.

Could it be that the NSA is losing its proverbial cryptologic skills? For
one can't help but conclude that, if they acted in good faith to provide a
useful mode, then they did a very poor job, and if they acted otherwise,
then they quite underestimate current public knowledge in the area.

Paulo Barreto.

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



---------------------------------------------------------------------
The Cryptography Mailing List