Re: ECB-Counter AES mode
- From: Mark Wooding <mdw@xxxxxxxxxxxxxxxx>
- Date: Sat, 29 Nov 2008 14:36:08 +0000 (UTC)
John E. Hadstate <jh113355@xxxxxxxxxxx> wrote:
"Mark Wooding" <mdw@xxxxxxxxxxxxxxxx> wrote in message
news:slrngj2djl.5k5.mdw@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Re-encrypting the CTR-mode output provides a minimal level of
protection in the case where you're sufficiently stupid to reuse a
counter value.
Not necessarily.
If you're stupid enough to reuse the same counter with different
messages then the adversary no longer gets to XOR the ciphertexts to
reveal the XOR of the plaintexts. I don't think this is a worthwhile
improvement: you're far better off just not reusing counters (e.g., by
maintaining state).
So, yes, necessarily.
If you re-encrypt using ECB mode as the OP proposed, then re-using the
counter (and both keys) will still yield the same ciphertext for a
given plaintext.
Indeed. That's why it's a /minimal/ improvement.
-- [mdw]
.
- Follow-Ups:
- Re: ECB-Counter AES mode
- From: Karl Malbrain
- Re: ECB-Counter AES mode
- References:
- ECB-Counter AES mode
- From: Karl Malbrain
- Re: ECB-Counter AES mode
- From: David Eather
- Re: ECB-Counter AES mode
- From: Karl Malbrain
- Re: ECB-Counter AES mode
- From: John E. Hadstate
- Re: ECB-Counter AES mode
- From: Karl Malbrain
- Re: ECB-Counter AES mode
- From: Mark Wooding
- Re: ECB-Counter AES mode
- From: John E. Hadstate
- ECB-Counter AES mode
- Prev by Date: Re: ECB-Counter AES mode
- Next by Date: Re: A chosen plaintext attack for XXTEA
- Previous by thread: Re: ECB-Counter AES mode
- Next by thread: Re: ECB-Counter AES mode
- Index(es):
Loading
