Warning! New cryptographic modes!
Jerry Leichter
leichter at lrw.com
Mon May 11 16:54:24 EDT 2009
On May 11, 2009, at 2:16 PM, Roland Dowdeswell wrote:
> On 1241996128 seconds since the Beginning of the UNIX epoch
> Jerry Leichter wrote:
> I'm not convinced that a stream cipher is appropriate here because
> if you change the data then you'll reveal the plaintext.
Well, XOR of old a new plaintext. But point taken.
Sounds like this might actually be an argument for a stream cipher
with a more sophisticated combiner than XOR. (Every time I've
suggested that, the response has been "That doesn't actually add any
strength, so why bother". And in simple data-in-motion encryption,
that's certainly true.)
Perhaps Matt Ball's suggestion of XTS works; I don't see exactly what
he's suggesting. There is certainly a parallel with disk encryption
algorithms, but the problem is different: Using rsync inherently
reveals what's changed in the cleartext (at least to some level of
granularity), so trying to protect against an attack that reveals this
information - something one worries about in disk encryption - is
beside the point.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list