[Cryptography] Shortening block cipher length...

[Patrick Chkoreff]

Natanael wrote on 7/17/21 8:11 PM:

> XOR is not a good combiner here for a plain counter, P XOR Ctr exposes 
> if the plaintext iterates (or rather decreases) by the same value as the 
> counter in between blocks. If P goes down by one and Ctr up by one, C is 
> identical for the for the two blocks.

Good point.


> Either the counter must be pseudorandom or you must use a different 
> combiner like a keyed permutation (double block cipher invocation per 
> message block).


-- Patrick