[Cryptography] Shortening block cipher length...
Patrick Chkoreff
pc at fexl.com
Mon Jul 19 09:18:26 EDT 2021
Natanael wrote on 7/17/21 8:11 PM:
> XOR is not a good combiner here for a plain counter, P XOR Ctr exposes
> if the plaintext iterates (or rather decreases) by the same value as the
> counter in between blocks. If P goes down by one and Ctr up by one, C is
> identical for the for the two blocks.
Good point.
> Either the counter must be pseudorandom or you must use a different
> combiner like a keyed permutation (double block cipher invocation per
> message block).
-- Patrick
More information about the cryptography
mailing list