analysis and implementation of LRW

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jan 23 20:44:59 EST 2007


David Wagner <daw at cs.berkeley.edu>
>Jim Hughes writes:
>> The IEEE P1619 standard group has dropped LRW mode. It has a vulnerability
>> that there are collisions that will divulge the mixing key which will reduce
>> the mode to ECB.
>
>Peter Gutmann asks:
>> Is there any more information on this anywhere?  I haven't been able to find
>> anything in the P1619 archives (or at least not under an obvious heading).
>
>Alexander Klimov replies:
>>Probably <http://grouper.ieee.org/groups/1619/email/msg00962.html>
>
>Huh.  Was that the reason?  I suspect there may have been more to it than
>that.  

Actually there's a lot more to it than that: the original analysis was posted
by Quantum crypto guy Matt Ball (that's the drive manufacturer Quantum, not
quantum crypto) in late 2005:

  http://grouper.ieee.org/groups/1619/email/msg00558.html

with a followup in early 2006:

  http://grouper.ieee.org/groups/1619/email/msg00588.html

So it's not a case of "google is your friend", it's "'knowing which magic
incantation to type into google to find what you're looking for' is your
friend".

Anyway, it's a pretty detailed analysis, well worth reading.

Peter.
