Re: How strong would randomizing data be ?
From: Skybuck Flying (nospam_at_hotmail.com)
Date: Thu, 5 May 2005 07:25:28 +0200
"Skybuck Flying" <firstname.lastname@example.org> wrote in message news:...
> "Joseph Ashwood" <email@example.com> wrote in message
> > "Skybuck Flying" <firstname.lastname@example.org> wrote in message
> > news:email@example.com...
> > > The question is if there is such a thing as true randomness ;)
> > >
> > > In the end everything happens because of some sort of system ;)
> > This is actually a somewhat open area of debate, no one has successfully
> > proven that entropy exists, but at this point the theories suggesting it
> > does not do not appear accurate.
> > As to the strength of your "design" it is almost certainly flawed, and
> > haven't even given details. The reason is rather simple, you need to
> > cryptographically strong pRNGs and these are in short supply unless you
> > a good block cipher in CTR mode. Either way you've over designed and
> > engineered, especially in security.
> > As others have noted you have basically reinvented the stream cipher,
> > in a rather convoluted way. You really don't need all the layers you
> > and your reasons behind creating the design can be easily dealt with
> > otherways, the short problem is dealt with through padding. That you are
> > using ECB is easily addressed by switching modes, etc.
> The number of layers is about the same.
> My scheme might even be stronger than AES.
> In AES the counter (IV) is simply incremented.
> In my version the "counter" is randomized.
> What I don't undestand is why it would be bad for AES in CTR mode if the
> same counter is re-used...
> if it is just re-used for a couple of bytes why would that be bad ?
Never mind that question.
I simply can't believe that AES in CTR mode is so stupid...
It encrypts something which an attacker could known given the IV...
People always talk about attacks when some plain text is known...
Well in this case it could be very easy to guess the plaintext especially
when the IV is known etc...
I simply can't believe that people call this strong encryption ;)
I have been over this before and I come to the same conclusion. AES in CTR
mode simply sucks ;)