Re: counter mode and data integrity

From: John E. Hadstate (jh113355_at_hotmail.com)
Date: 10/31/03


Date: Fri, 31 Oct 2003 06:01:24 -0500


"Joerg Platte" <Joerg.Platte@uni-dortmund.de> wrote in message
news:bnt7fi$f7r$1@nx6.HRZ.Uni-Dortmund.DE...
> Hi!
>
> I want to encrypt a file using AES in counter mode to allow random access.
> To prevent reuse of the counter I can't use the block number as counter.
> Hence, I must store the counter value, and a SHA-1 hash to ensure data
> integrity, for every block with the file.
>
> But I don't want to store the counter value for every block to save some
> bytes. I'm thinking about using the hash value (computed with the data
> concatenated with the block number) as counter. This ensures data integrity
> and a different counter value for every block. If two blocks are the same
> the concatenated block number should prevent the same counter value.
>
> Where can I find some information about this "special" counter mode? Is it
> secure?
>
> regards,
> Joerg
>

If I understand your proposal, you want to use part of a hash of the block
data concatenated with a block address as the counter in CTR mode. You
would then encipher the block data using the CTR-mode ciphertext.

My question is, how do you decipher the data? You need the plaintext to
compute the hash that makes up part of your counter. If you don't have the
plaintext available, with what do you feed the counter?
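
The dependency discussed in this exchange, as an added Go example that is not part of either post: the decryptor can rebuild the keystream only if SHA-1(data || block number) is stored beside the ciphertext, as the question describes, and it can check that hash only after decrypting. The names `Seal`, `Open`, `blockTag` and `ctrXor`, the 8-byte big-endian block number, the use of the first 16 bytes of the hash as the AES counter, and the sample key and data are assumptions made here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// blockTag is SHA-1(data || blockNo); the 8-byte big-endian number is assumed.
func blockTag(data []byte, blockNo uint64) []byte {
	sum := sha1.Sum(binary.BigEndian.AppendUint64(append([]byte{}, data...), blockNo))
	return sum[:]
}

// ctrXor runs AES-CTR with the first 16 tag bytes as counter (an assumption).
func ctrXor(key, tag, in []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil || len(tag) != sha1.Size {
		return nil, fmt.Errorf("bad key or tag length")
	}
	out := make([]byte, len(in))
	cipher.NewCTR(c, tag[:aes.BlockSize]).XORKeyStream(out, in)
	return out, nil
}

// Seal returns the ciphertext and the tag that must be stored beside it.
func Seal(key, data []byte, blockNo uint64) (ct, tag []byte, err error) {
	tag = blockTag(data, blockNo)
	ct, err = ctrXor(key, tag, data)
	return ct, tag, err
}

// Open needs the stored tag for the keystream, then re-checks it on the result.
func Open(key, ct, tag []byte, blockNo uint64) ([]byte, error) {
	pt, err := ctrXor(key, tag, ct)
	if err != nil || subtle.ConstantTimeCompare(blockTag(pt, blockNo), tag) != 1 {
		return nil, fmt.Errorf("open failed: bad input or integrity check")
	}
	return pt, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit demo key
	ct, tag, _ := Seal(key, []byte("constructed sample block"), 7)
	pt, err := Open(key, ct, tag, 7)
	fmt.Printf("%q %v\n", pt, err)
}
```

Because the stored tag is an unkeyed hash of the plaintext, anyone who can read the file can test a guess of a block's contents against it. A keyed MAC in place of the bare hash avoids that.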


