[cryptography] "Combined" cipher modes
Kevin W. Wall
kevin.w.wall at gmail.com
Mon Feb 20 02:11:52 EST 2012
This should be a pretty simple question for this list, so please pardon
my ignorance. But better to ask than to continue in ignorance. :-)
NIST refers to "combined" cipher modes as those supporting *both*
authenticity and confidentiality, such as GCM and CCM.
So my first question: Are there ANY "combined" cipher modes
for block ciphers that do not cause the ciphers to act as a key
stream? (That seems to be because most of the ones I found build
the confidentiality piece around CTR mode.) If "yes", please name
a few (especially those with no patent restrictions).
I know when you have a cipher that acts in a streaming mode,
that you need to be careful to use a unique IV for every encryption
performed with the same key.
So my second question is, if all the "combined" cipher modes
cause a cipher to act as if it is in a streaming mode, is it okay
to just choose a completely RANDOM IV for each encryption?
Because it sure doesn't seem to be feasible to record all the IVs
for a given key to make sure that an IV isn't reused. If that is not
acceptable, then how does one ever address this?
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents." -- Nathaniel Borenstein
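An added illustration, not part of the post above and not GCM or CCM: a toy "combined" mode built with only the Python standard library, showing the structure the question describes (confidentiality from a CTR-style keystream, authenticity from a separate MAC, encrypt-then-MAC), and one standard answer to the second question. A 96-bit random nonce is acceptable as long as the number of encryptions under one key is bounded; NIST SP 800-38D caps random-IV GCM at 2^32 invocations per key, and the birthday estimate below shows why (about 2^-33 collision probability at that point). The HMAC-based keystream, the subkey labels, the nonce cap and the sample values are all assumptions made for this example; a production system would use a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os
import struct

NONCE_BYTES = 12   # 96-bit nonce, the size GCM recommends
TAG_BYTES = 16
# NIST SP 800-38D: at most 2^32 GCM encryptions per key with random 96-bit IVs.
# Reused here as the default per-key cap for this toy mode (an assumption).
DEFAULT_MAX_ENCRYPTIONS = 2 ** 32


def _derive(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC subkeys from one master key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: block i = HMAC(enc_key, nonce || counter i).
    Same key + same nonce => same keystream, which is exactly why a nonce
    must never be reused under one key."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _tag(mac_key: bytes, nonce: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    # Length-prefix the AAD so (aad, ciphertext) boundaries are unambiguous.
    data = nonce + struct.pack(">Q", len(aad)) + aad + ciphertext
    return hmac.new(mac_key, data, hashlib.sha256).digest()[:TAG_BYTES]


def seal(key: bytes, nonce: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC: returns ciphertext || tag."""
    if len(nonce) != NONCE_BYTES:
        raise ValueError("nonce must be 96 bits")
    enc_key, mac_key = _derive(key, b"enc"), _derive(key, b"mac")
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    return ciphertext + _tag(mac_key, nonce, aad, ciphertext)


def open_(key: bytes, nonce: bytes, sealed: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag first (constant-time), then decrypt."""
    if len(nonce) != NONCE_BYTES or len(sealed) < TAG_BYTES:
        raise ValueError("malformed input")
    enc_key, mac_key = _derive(key, b"enc"), _derive(key, b"mac")
    ciphertext, tag = sealed[:-TAG_BYTES], sealed[-TAG_BYTES:]
    if not hmac.compare_digest(_tag(mac_key, nonce, aad, ciphertext), tag):
        raise ValueError("authentication failed")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def collision_probability(messages: int, nonce_bits: int = 96) -> float:
    """Birthday-bound estimate of P(some nonce repeats): n^2 / 2^(bits+1)."""
    return messages ** 2 / 2 ** (nonce_bits + 1)


class RandomNonceEncryptor:
    """Random nonce per message plus a per-key invocation cap: instead of
    recording every nonce ever used, rotate the key before the cap is hit."""

    def __init__(self, key: bytes, max_encryptions: int = DEFAULT_MAX_ENCRYPTIONS):
        self.key = key
        self.max_encryptions = max_encryptions
        self.count = 0

    def encrypt(self, plaintext: bytes, aad: bytes = b"") -> bytes:
        if self.count >= self.max_encryptions:
            raise RuntimeError("key exhausted: rotate the key rather than risk nonce reuse")
        self.count += 1
        nonce = os.urandom(NONCE_BYTES)
        return nonce + seal(self.key, nonce, plaintext, aad)

    def decrypt(self, blob: bytes, aad: bytes = b"") -> bytes:
        return open_(self.key, blob[:NONCE_BYTES], blob[NONCE_BYTES:], aad)


if __name__ == "__main__":
    key = os.urandom(32)   # constructed sample key
    box = RandomNonceEncryptor(key)
    blob = box.encrypt(b"combined mode demo", aad=b"header")
    print(box.decrypt(blob, aad=b"header"))
    print("P(collision) after 2^32 messages:", collision_probability(2 ** 32))
```

The encryptor never stores past nonces; it relies on the cap, which is the practical answer to "it isn't feasible to record all the IVs": bound the count per key and rotate keys, or switch to a deterministic counter-based nonce when a reliable counter is available.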