[cryptography] Tigerspike claims world first with Karacell for mobile security

Jeffrey Walton noloader at gmail.com
Thu Dec 27 13:46:40 EST 2012


On Thu, Dec 27, 2012 at 1:35 PM, Ben Laurie <ben at links.org> wrote:
> On Thu, Dec 27, 2012 at 9:18 AM, Russell Leidich <pkejjy at gmail.com> wrote:
>> there are plenty of Googleable papers showing the Counter Mode is weak
>> relative to (conventional) cipher-block-chaining (CBC) AES.
>
> Really? For example?
I believe CTR mode is especially sensitive to key/nonce reuse. But you
don't see the problem until you look at messages over time and space.
Confer: CTR mode uses a predictable counter, while CBC mode uses a
random (not unique) IV.

I could be wrong since I'm working from memory (it sucks getting old).
I'd need to get into the literature to give you anything useful
(citable).

Jeff



More information about the cryptography mailing list