[Cryptography] Dieharder & symmetric cryptosystems
Michel Arboi
michel.arboi at gmail.com
Fri Jan 17 09:25:18 EST 2020
On Thu, 16 Jan 2020 at 23:37, james hughes <hughejp at me.com> wrote:
> OFB with a plaintext of 0s is a permutation, not a random permutation.
I'm not sure I understand the role of the plaintext, considering that
it is just XOR-ed with the cipher stream. Did I miss something?
What do you mean by "not random"? That it will cycle eventually?
> It will cycle, usually around 2^{n-1} where the n is the block size. The cycle could (improbably) be as short as 1 block.
> So OFB is not usable as an RNG.
2^127 is safe in practice for any PRNG (if I am lucky). We'd need an
impractical amount of resources to detect the cycle.
What is the probability of getting a short cycle?
> CTR mode is better, (but still not random since values do not repeat)
> Hash is better.
Is there a real difference between hashing a counter (concatenated to
a nonce) and encrypting it as in CTR mode?
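The point under discussion, as an added illustration that is not part of this thread: with an all-zero plaintext, OFB output is the orbit of the IV under the keyed permutation E_k, so it must cycle; CTR output is E_k applied to distinct counter values, so it cannot repeat a block before the counter wraps. The toy below, written for this page, uses a constructed 12-bit "block cipher" (a seeded random permutation, i.e. the ideal-cipher model) so the cycles can be walked exhaustively; the function names, the seed-to-IV mapping and the 12-bit block size are all assumptions for the sake of the demonstration. For a uniformly random permutation the cycle containing a given point has length uniform on 1..2^n, which is where the "around 2^(n-1)" average and the probability k/2^n of a cycle no longer than k blocks both come from.

```python
import random
from typing import Dict, List, Tuple

# Constructed toy parameters: a 12-bit "block" so that OFB keystream cycles are
# small enough to walk to completion.  A real cipher has n = 64 or 128.
BLOCK_BITS = 12
N = 1 << BLOCK_BITS


def keyed_permutation(key: int) -> List[int]:
    """Stand-in for a block cipher E_k on {0, ..., N-1}: a random permutation
    derived from the key (constructed toy in the ideal-cipher model)."""
    table = list(range(N))
    random.Random(key).shuffle(table)
    return table


def ofb_keystream_cycle(perm: List[int], iv: int) -> Tuple[int, int]:
    """OFB keystream (plaintext of zeros) is the orbit iv, E(iv), E(E(iv)), ...
    Returns (blocks emitted before any block repeats, length of the cycle entered).
    Because E is a permutation the orbit has no tail: the two numbers are equal."""
    seen: Dict[int, int] = {}
    x, i = iv, 0
    while x not in seen:
        seen[x] = i
        x = perm[x]
        i += 1
    return i, i - seen[x]


def ctr_keystream(perm: List[int], nonce: int, blocks: int) -> List[int]:
    """CTR keystream is E(nonce + i) for i = 0, 1, ...  In this toy the whole
    block is the counter, so it wraps modulo N after N blocks."""
    return [perm[(nonce + i) % N] for i in range(blocks)]


def ofb_cycle_statistics(trials: int, short: int) -> Tuple[float, float]:
    """Walk OFB from a fresh key/IV per trial (IV derived from the trial index,
    an assumption of this toy) and return (mean cycle length, fraction of
    trials whose cycle is at most `short` blocks).  For a random permutation
    the expected values are (N + 1) / 2 and short / N respectively."""
    total = 0
    short_hits = 0
    for t in range(trials):
        perm = keyed_permutation(t)
        _, cycle = ofb_keystream_cycle(perm, iv=(t * 7919) % N)
        total += cycle
        if cycle <= short:
            short_hits += 1
    return total / trials, short_hits / trials


if __name__ == "__main__":
    perm = keyed_permutation(1)
    first_repeat, cycle = ofb_keystream_cycle(perm, iv=5)
    print(f"OFB: first repeat after {first_repeat} blocks, cycle length {cycle} (N = {N})")
    ctr = ctr_keystream(perm, nonce=123, blocks=N)
    print(f"CTR: {len(set(ctr))} distinct blocks out of {N} (no repeats before wrap)")
    mean, frac = ofb_cycle_statistics(trials=1000, short=N // 16)
    print(f"OFB mean cycle over 1000 keys: {mean:.1f} (expected {(N + 1) / 2})")
    print(f"P(cycle <= N/16) observed {frac:.3f}, expected {1 / 16:.3f}")
```

The `ofb_cycle_statistics` averages are the empirical answer to the "how likely is a short cycle" question for an ideal cipher: short cycles are rare in proportion to their length, but a 1-block cycle (a fixed point of E_k on the IV) has probability 1/2^n rather than zero, and nothing in OFB detects it.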