[Cryptography] Odd bit of security advice

Viktor Dukhovni cryptography at dukhovni.org
Mon Jun 4 21:47:07 EDT 2018

> On Jun 4, 2018, at 8:27 PM, Jerry Leichter <leichter at lrw.com> wrote:
> It's that last comment - that the bottom 64 bits of a counter encrypted with a 128- or 256-bit cipher may repeat after a short time - that really puzzles me.  Surely any 128- or 256-bit cipher with this property would immediately fail certification, as it would be easily distinguishable from a random permutation.
> What am I missing?

Pseudo-random 64-bit data has a high collision probability after 2^32 outputs,
whereas encryption of a 64-bit counter with a 64-bit block cipher maintains
a non-repeating sequence for 2^64 outputs.
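The distinction in the reply (truncated output of a wide permutation behaves like a random function and hits the birthday bound, while a narrow permutation of a counter never repeats) can be checked empirically. The following is an added example, not code from the post or its author; it scales the widths down to 16 bits so the experiment runs in seconds, models the low bits of a wide cipher with a truncated SHA-256 (a constructed stand-in, not AES), and uses a toy Feistel network with a fixed illustrative key as the narrow block cipher. The helper names are this example's own.

```python
import hashlib
import math

BITS = 16                    # toy block width so the experiment runs in seconds
MASK = (1 << BITS) - 1
HALF = BITS // 2
HALF_MASK = (1 << HALF) - 1


def truncated_random_function(counter: int) -> int:
    """Model the low BITS bits of a wide-block cipher applied to a counter.

    To an observer, the low bits of a 128-bit PRP output are a random
    function of the input.  A truncated SHA-256 of the counter stands in
    for that here (a constructed model, not a real cipher).
    """
    digest = hashlib.sha256(counter.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:2], "big") & MASK


def _round_function(value: int, rnd: int) -> int:
    # Keyed round function with a fixed, illustrative key.  Its quality only
    # affects how close the toy cipher is to a random permutation; it has no
    # bearing on the bijection property that matters below.
    data = b"toy-feistel-key" + bytes([rnd]) + value.to_bytes((HALF + 7) // 8, "big")
    return hashlib.sha256(data).digest()[0] & HALF_MASK


def feistel_permutation(counter: int, rounds: int = 8) -> int:
    """A toy BITS-bit block cipher built as a balanced Feistel network.

    Every Feistel network is a bijection on its block whatever the round
    function, so encrypting 0, 1, 2, ... cannot repeat an output until the
    counter wraps at 2**BITS.
    """
    left, right = counter >> HALF, counter & HALF_MASK
    for rnd in range(rounds):
        left, right = right, left ^ _round_function(right, rnd)
    return (left << HALF) | right


def first_collision(generator, limit: int):
    """Index of the first repeated output of generator(0..limit-1), or None."""
    seen = set()
    for i in range(limit):
        out = generator(i)
        if out in seen:
            return i
        seen.add(out)
    return None


def birthday_estimate(bits: int) -> float:
    """Expected outputs before a random function on `bits` bits first collides.

    sqrt(pi/2 * 2**bits); at 64 bits this is about 5.4e9, i.e. roughly 2**32.
    """
    return math.sqrt(math.pi / 2 * (1 << bits))


if __name__ == "__main__":
    print("expected first collision for a random 16-bit function: ~%.0f"
          % birthday_estimate(BITS))
    print("truncated wide-cipher model collided at output",
          first_collision(truncated_random_function, 1 << BITS))
    print("16-bit Feistel permutation collided at output",
          first_collision(feistel_permutation, 1 << BITS))
    print("expected first collision for a random 64-bit function: ~%.2e"
          % birthday_estimate(64))
```

The truncated model collides after a few hundred outputs, close to the birthday estimate, while the permutation produces all 65536 distinct outputs. The same reasoning scaled up gives the figures in the reply: about 2^32 outputs for 64 random-looking bits, versus the full 2^64 for a 64-bit block cipher driven by a counter.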

