Re: Algorithm Modes

From: Sam Simpson (sam_at_samsimpson.com)
Date: 09/08/03


Date: Mon, 8 Sep 2003 19:31:05 +0000 (UTC)

I agree with you entirely Tom - Schneier details further reasons in sect 5.7
of Practical Cryptography.

My point was that "the group" should work on updating the FAQ with these
reasons rather than answering the questions post by post. Just common
sense, I guess.

Cheers,

Sam

"Tom St Denis" <tomstdenis@iahu.ca> wrote in message
news:HA47b.193619$_V.184655@news04.bloor.is.net.cable.rogers.com...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Sam Simpson wrote:
> | Hi Tom
> |
> | It's recommended in the group's current pseudo-FAQ
> | http://www.mindspring.com/~schlafly/crypto/faq.txt - if the group's opinion
> | is that CTR (or whatever) should always be used in place of CBC then best
> | get the FAQ changed accordingly?
>
> Maybe the FAQ is outdated? I dunno. People seem to like CBC for all
> the wrong reasons.
>
> The main "attraction" is that the data passes through the cipher, but
> that actually has two major drawbacks:
>
> 1. It forces a decryption routine to be required.
> 2. It forces the algorithm to only work in sequence.
>
> CTR has major advantages that I've posted numerous times and will again
> for kicks
>
> 1. Can be precomputed [e.g. the pad], can be implemented in parallel
> and can trivially seek.
>
> 2. Only requires the encryption [or decryption if faster]
>
> 3. Tolerant to bit errors
>
> 4. Can encrypt messages of any bit length
>
> 5. Provably as secure [in a privacy context] as the underlying block
> cipher against a known plaintext attack.
>
> Many people mistake #3 as a flaw but in reality pure CBC mode doesn't
> have integrity either. You need a MAC in either case. In certain cases
> #3 can be a bonus. For instance, if you are decrypting from a medium
> [say CD or radio link] and some bits are irrecoverable you may wish to
> still decrypt.
>
> Tom
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE/XNWasP+tEsHHY0ARAoFLAJ95h8UKDMAC3wxp2TnyMPut2osKewCeLSd+
> NwnGDI95WPNRe9z0S7jxljA=
> =gWTR
> -----END PGP SIGNATURE-----
>
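The properties Tom lists for CTR (seeking, encryption-only, any byte length, one-bit error locality) and the CBC behaviour he contrasts them with are easy to see side by side in code. The following script is an added example and is not part of the thread or the FAQ it discusses. It uses a small SHA-256-based Feistel network as a stand-in block cipher so that it runs offline with only the Python standard library; that stand-in, the key, nonce, IV and plaintext are all constructed for the example and the cipher is not meant to be secure, only to have a forward and an inverse direction like AES. The last two results also illustrate the caveat in the post: a flipped ciphertext bit comes out of CTR as exactly one flipped plaintext bit, which is why neither mode gives integrity without a MAC.

```python
"""CTR vs CBC: random access, encrypt-only decryption and bit-error
behaviour. The block cipher below is a constructed SHA-256 Feistel
stand-in for AES so the script runs offline; it is not a vetted cipher."""
import hashlib

BLOCK = 16      # bytes per block, same as AES
ROUNDS = 8


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))   # zip truncates to the shorter


def _round_fn(key, r, half):
    # Keyed SHA-256 of one 8-byte half, truncated to 8 bytes (stand-in only).
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def block_encrypt(key, block):
    """Forward direction of the stand-in cipher on one 16-byte block."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, r, right))
    return left + right


def block_decrypt(key, block):
    """Inverse direction: Feistel rounds undone in reverse order."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, r, left)), left
    return left + right


def ctr_crypt(key, nonce, data, start_block=0):
    """CTR: XOR data with E_K(nonce || counter). Encrypt and decrypt are the
    same call, only block_encrypt is needed, start_block seeks directly to
    block i, and a short final block just truncates the keystream."""
    assert len(nonce) == 8
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        counter = start_block + off // BLOCK
        keystream = block_encrypt(key, nonce + counter.to_bytes(8, "big"))
        out += _xor(data[off:off + BLOCK], keystream)
    return bytes(out)


def cbc_encrypt(key, iv, data):
    """CBC: each plaintext block is XORed with the previous ciphertext block."""
    assert len(iv) == BLOCK and len(data) % BLOCK == 0
    prev, out = iv, bytearray()
    for off in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[off:off + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(key, iv, ct):
    """CBC decryption needs the inverse cipher direction and block i-1."""
    assert len(iv) == BLOCK and len(ct) % BLOCK == 0
    prev, out = iv, bytearray()
    for off in range(0, len(ct), BLOCK):
        cur = ct[off:off + BLOCK]
        out += _xor(block_decrypt(key, cur), prev)
        prev = cur
    return bytes(out)


def flip_bit(data, bit_index):
    """Simulate one corrupted (or deliberately tampered) ciphertext bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def damaged_bytes(original, recovered):
    return [i for i, (a, b) in enumerate(zip(original, recovered)) if a != b]


def demo():
    key = b"constructed demo key, not secret"  # constructed for the example
    nonce, iv = b"\x00" * 8, b"\x01" * BLOCK   # constructed; never reuse a nonce
    pt = bytes(range(48))                        # three 16-byte blocks
    ctr_ct = ctr_crypt(key, nonce, pt)
    cbc_ct = cbc_encrypt(key, iv, pt)
    # Seek: recover only block 1 of the CTR ciphertext, no block 0 needed.
    seek = ctr_crypt(key, nonce, ctr_ct[16:32], start_block=1)
    # Flip bit 3 of byte 20 (inside block 1) in each ciphertext.
    bit = 20 * 8 + 3
    return {
        "ctr_roundtrip": ctr_crypt(key, nonce, ctr_ct) == pt,
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc_ct) == pt,
        "ctr_seek_ok": seek == pt[16:32],
        "ctr_odd_length": ctr_crypt(key, nonce, ctr_crypt(key, nonce, b"13 byte text!")),
        "ctr_damage": damaged_bytes(pt, ctr_crypt(key, nonce, flip_bit(ctr_ct, bit))),
        "cbc_damage": damaged_bytes(pt, cbc_decrypt(key, iv, flip_bit(cbc_ct, bit))),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running it shows `ctr_damage` as just byte 20, while `cbc_damage` covers essentially all of block 1 (bytes 16 to 31, garbled by the inverse cipher) plus exactly byte 36 in block 2, where the corrupted ciphertext block is XORed in; block 0 is untouched in both modes. Swapping the stand-in for a real cipher such as AES changes none of these mode-level observations.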


