analysis and implementation of LRW

Ben Laurie ben at
Tue Jan 23 13:03:04 EST 2007

David Wagner wrote:
> Jim Hughes writes:
>> The IEEE P1619 standard group has dropped LRW mode. It has a  
>> vulnerability that that are collisions that will divulge the mixing  
>> key which will reduce the mode to ECB.
> This is interesting.  Could you elaborate on this?  I suspect we could
> all learn from the work the IEEE P1619 working group is doing.
> I tried to trawl the P1619 mailing list archives to find some detailed
> analysis on the topic of collisions, as you suggested, but I probably
> wasn't looking in the right places.  The closest I found was this message:
> which estimates that if one continuously accesses the disk for 4.6
> years (roughly the average life time of a disk), the chances of seeing
> a collision are about 1/2^29.  Is that the analysis that triggered the
> concern over collisions?

Google is your friend:




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list