[Cryptography] Odd bit of security advice
Viktor Dukhovni
cryptography at dukhovni.org
Mon Jun 4 21:47:07 EDT 2018
> On Jun 4, 2018, at 8:27 PM, Jerry Leichter <leichter at lrw.com> wrote:
>
> It's that last comment - that the bottom 64 bits of a counter encrypted with a 128- or 256-bit cipher may repeat after a short time - that really puzzles me. Surely any 128- or 256-bit cipher with this property would immediately fail certification, as it would be easily distinguishable from a random permutation.
>
> What am I missing?
Pseudo-random 64-bit data has a high collision probability after 2^32 outputs,
while encryption of a 64-bit counter with a 64-bit block cipher maintains
a non-repeating sequence for 2^64 outputs.
--
Viktor.