analysis and implementation of LRW
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Thu Jan 25 15:17:22 EST 2007
On Wed, Jan 24, 2007 at 03:28:50PM -0800, Allen wrote:
>
>
> David Wagner wrote:
>
> [snip]
>
> >Another possible interpretation of (2) is that if you use LRW to encrypt
> >close to 2^64 blocks of plaintext, and if you are using a 128-bit block
> >cipher, then you have a significant chance of a birthday collision,
>
> Am I doing the math correctly that 2^64 blocks of 128 bits is
> 2^32 bytes or about 4 gigs of data? Or am I looking at this the
> wrong way?
This is quite wrong. 2^64 * 2^4 = 2^68 not 2^32, I don't know where you
lost the factor 2^36, but it sure makes a big difference.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list