[40548] in cryptography@c2.net mail archive
Re: IGE mode in OpenSSL
daemon@ATHENA.MIT.EDU (Travis H.)
Mon Sep 4 18:54:23 2006
X-Original-To: cryptography@metzdowd.com
Date: Mon, 4 Sep 2006 16:09:53 -0500
From: "Travis H." <solinym@gmail.com>
To: "Ben Laurie" <ben@algroup.co.uk>
Cc: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <44FC4DCE.4010804@algroup.co.uk>
The NIST server is down.
Care to post the algorithm?
By the term "crib" do you mean a known-plaintext?
I'd like to see a proof that it is not possible to alter the final block to make it decrypt to all zeroes; that seems worse than CRCs, and putting a CRC at the end of the plaintext is a common, and often broken, way to do integrity checking, because it's linear and allows the opponent to toggle bits in the plaintext and fix the CRC without breaking the encryption.
I don't see how appending a hash of the plaintext could be a crib. The
encryption prevents the opponent from knowing the plaintext, so
he wouldn't know what the hash preimage is. If you encrypt the hash,
you basically have HMAC without using a keyed hash.
There are block modes that do integrity and encryption at the same time;
does this offer an advantage over them, and if so how?
--
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
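Added illustration of the CRC point made in the message above (this is example code, not part of the original thread): zlib's CRC-32 is affine over GF(2), so the checksum of a modified message is fully predictable from the original checksum and the change alone, which is why a CRC trailer cannot serve as an integrity check; a keyed MAC such as HMAC-SHA256 has no such relation. The key and messages are constructed sample values.

```python
import hashlib
import hmac
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def crc_trailer_is_linear(msg: bytes, delta: bytes) -> bool:
    """CRC-32 is affine: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(0...0), with the
    zero block the same length as m. Whoever knows which bits changed (d)
    can therefore compute the trailer for the modified message without
    knowing m itself, which is exactly why a CRC is not an integrity check."""
    modified = xor_bytes(msg, delta)
    predicted = zlib.crc32(msg) ^ zlib.crc32(delta) ^ zlib.crc32(bytes(len(msg)))
    return predicted == zlib.crc32(modified)


def mac_trailer_is_linear(key: bytes, msg: bytes, delta: bytes) -> bool:
    """The same relation tried against HMAC-SHA256: the tag of the modified
    message is not derivable from the tags of msg, delta and zeros, so the
    change is caught at verification (done with a constant-time compare)."""
    def tag(m: bytes) -> bytes:
        return hmac.new(key, m, hashlib.sha256).digest()
    modified = xor_bytes(msg, delta)
    predicted = xor_bytes(xor_bytes(tag(msg), tag(delta)), tag(bytes(len(msg))))
    return hmac.compare_digest(predicted, tag(modified))


# Constructed sample values (not from the original thread).
SAMPLE_MSG = b"pay 0100 units to account 42"
# XORing 0x01 into the two bytes at offsets 4 and 5 turns "0100" into "1000".
SAMPLE_DELTA = bytes([0] * 4 + [0x01, 0x01] + [0] * (len(SAMPLE_MSG) - 6))
SAMPLE_KEY = b"constructed-demo-key"


def demo() -> tuple[bool, bool]:
    """(CRC trailer linear?, HMAC trailer linear?) for the sample: (True, False)."""
    return (
        crc_trailer_is_linear(SAMPLE_MSG, SAMPLE_DELTA),
        mac_trailer_is_linear(SAMPLE_KEY, SAMPLE_MSG, SAMPLE_DELTA),
    )


if __name__ == "__main__":
    print(demo())  # (True, False)
```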