Question w.r.t. AES-CBC IV

David Wagner daw at cs.berkeley.edu
Sat Jul 10 16:22:23 EDT 2010


Jerry Leichter  wrote:
> CTR mode is dangerous unless you're also doing message authentication,  

Nitpick:

That's true of CBC mode, too, and almost any other encryption mode.
Encryption without authentication is dangerous; if you need to encrypt,
you almost always need message authentication as well.

(I will agree that CTR mode encryption without message authentication
is often even more dangerous than CBC mode encryption without message
authentication, but usually neither is a good idea.)

Setting that minor nitpick aside, the discussion here seems like good
advice.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list