[144447] in cryptography@c2.net mail archive
Re: Warning! New cryptographic modes!
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Mon May 11 18:01:00 2009
Cc: Cryptography List <cryptography@metzdowd.com>
From: Jerry Leichter <leichter@lrw.com>
To: Roland Dowdeswell <elric@imrryr.org>
In-Reply-To: <20090511181645.BC1C438145@arioch.imrryr.org>
Date: Mon, 11 May 2009 16:54:24 -0400
On May 11, 2009, at 2:16 PM, Roland Dowdeswell wrote:
> On 1241996128 seconds since the Beginning of the UNIX epoch
> Jerry Leichter wrote:
> I'm not convinced that a stream cipher is appropriate here because
> if you change the data then you'll reveal the plaintext.
Well, XOR of old a new plaintext. But point taken.
Sounds like this might actually be an argument for a stream cipher
with a more sophisticated combiner than XOR. (Every time I've
suggested that, the response has been "That doesn't actually add any
strength, so why bother". And in simple data-in-motion encryption,
that's certainly true.)
Perhaps Matt Ball's suggestion of XTS works; I don't see exactly what
he's suggesting. There is certainly a parallel with disk encryption
algorithms, but the problem is different: Using rsync inherently
reveals what's changed in the cleartext (at least to some level of
granularity), so trying to protect against an attack that reveals this
information - something one worries about in disk encryption - is
beside the point.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
