Re: Pitfalls in CFB mode?

Kristian Gjøsteen wrote:
Couldn't you just shorten the shift register by an appropriate amount?

Sure, but you don't dare shorten it too much. If you shorten it so that
only n bits of ciphertext enter the shift register (and the remaining
128-n bits are constant), then thanks to the birthday paradox, the
resulting scheme will only be secure for encrypting up to around 2^{n/2}
blocks of plaintext. The first time there is any repeat in those n-bit
values, the subsequent block will be encrypted with the equivalent of
the two-time pad, which isn't good. For instance, if you use AES but
with the shift register shortened to n=64 bits, then you'll only be
secure for encrypting up to a few billion blocks of data.

Relevant Pages

  • Re: Win2k3 Web Edition - Usage of EFS
    ... I can't say what's "secure enough". ... What I can say is that if you're not encrypting in system context, ... attack. ... (and you'll be prompted for password protection of the pfx, blah, blah, ...
  • Re: Security
    ... I know I would not be encrypting the whole HD only that directory ... This way your secure work is never on the computer. ... Locks only keep honest people out...any crook determined enough will get ... If you dont know how to ignore a posting complain ...
  • Re: Email encription
    ... >How do I set this up so it is secure when they send. ... your own server. ... Alternatively, think again about encrypting the data, or about why you ... Data security ...
  • Re: Tools to store account (password..) in encrypted format ?
    ... I use plain text to store my passwords but it isn't secure. ... If your home directory is only readable by you, ... encrypting each file with gnupg or SSL ...
  • Re: Working on ARC4-16 bit
    ... >stream ciphers rests on the assumption that all bits are secure. ... >both cases there is no reason to avoid encrypting 16 bit blocks. ... Electronics Engineer & Project Manager for hire. ... Remember Doc Brown from the _Back to the Future_ movies? ...