
RE: [Cfrg] Re: [saag] Bad day at the hash function factory



At 10:32 2004-08-26 -0700, Hallam-Baker, Phillip wrote:
RC4 has been compromised by Shamir & co, but as a general rule I don't think
any stream cipher should ever get a higher status than acceptable. A stream
cipher always allows a person who has a plaintext and ciphertext
corresponding to a key to encode or decode all messages with that key that
are shorter or the same size. In effect all stream ciphers are vulnerable to
a trivial form of known plaintext attack; the attack does not reveal the key,
but this is not necessary.

That's a completely bogus argument. The industry has already accepted that one needs to use block ciphers correctly (unpredictable random IVs, for example, and no ECB mode). Well, guess what, you need to use stream ciphers correctly too. That includes some kind of nonce mechanism. The new-generation stream ciphers (since NESSIE required it) all support Nonces, and usually with no hard-to-meet requirements about unpredictability. Efficiency always matters. So I don't think this position is justifiable.


Greg.

Greg Rose                                    INTERNET: ggr at qualcomm.com
Qualcomm Australia       VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,             http://people.qualcomm.com/ggr/
Gladesville NSW 2111
232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
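The two points in this exchange can be shown side by side: Phillip's observation that one known plaintext/ciphertext pair hands over the keystream (and so every shorter message under the same keystream), and Greg's reply that a per-message nonce is what makes that irrelevant. The following is an added example written for this archive page, not code from either poster. It uses a constructed toy stream cipher (HMAC-SHA256 in counter mode, standing in for any nonce-taking stream cipher) and a constructed pair of messages; `Sender` is a hypothetical helper showing the counter-nonce discipline a correct implementation needs.

```python
import hashlib
import hmac
import os

# Constructed toy stream cipher: keystream block i = HMAC-SHA256(key, nonce || i).
# This is an illustration of the keystream/XOR structure shared by all stream
# ciphers, not a real cipher design and not anything proposed in the thread.
NONCE_LEN = 12


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Generate `length` bytes of keystream for (key, nonce)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream-cipher encryption is data XOR keystream; decryption is the same call."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def keystream_from_known_pair(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Phillip's point: a known (plaintext, ciphertext) pair yields the keystream
    prefix directly. The key itself stays unknown, but it is not needed."""
    return xor_bytes(plaintext, ciphertext)


def recover_second_message(reuse_nonce: bool) -> bytes:
    """Encrypt two constructed messages under one key and return what a holder of
    the first (known) pair can recover of the second. With a shared nonce the
    second message comes back intact; with a fresh nonce only noise comes back."""
    key = os.urandom(32)
    nonce1 = os.urandom(NONCE_LEN)
    nonce2 = nonce1 if reuse_nonce else os.urandom(NONCE_LEN)
    known_pt = b"Known plaintext message, long enough to cover message two."
    secret_pt = b"The second, shorter message."
    ct1 = encrypt(key, nonce1, known_pt)
    ct2 = encrypt(key, nonce2, secret_pt)
    ks = keystream_from_known_pair(known_pt, ct1)  # as long as known_pt
    return xor_bytes(ct2, ks)  # truncated to len(ct2): "shorter or the same size"


class Sender:
    """Greg's point, as sender-side state (hypothetical helper): a strictly
    increasing counter nonce guarantees no two messages under one key ever
    share keystream, so the known-pair trick above recovers nothing."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_nonce = 0

    def seal(self, plaintext: bytes) -> tuple[bytes, bytes]:
        if self.next_nonce >= 1 << (8 * NONCE_LEN):
            raise RuntimeError("nonce space exhausted: rekey before sending more")
        nonce = self.next_nonce.to_bytes(NONCE_LEN, "big")
        self.next_nonce += 1  # never hand out the same nonce twice
        return nonce, encrypt(self.key, nonce, plaintext)


if __name__ == "__main__":
    print("shared nonce :", recover_second_message(reuse_nonce=True))
    print("fresh nonce  :", recover_second_message(reuse_nonce=False))
    s = Sender(os.urandom(32))
    for msg in (b"first", b"second"):
        nonce, ct = s.seal(msg)
        print(nonce.hex(), ct.hex())
```

The counter nonce needs no unpredictability, which is the "no hard-to-meet requirements" property Greg mentions; what it does need is persistence across restarts and a rekey when the counter space is spent, since a rolled-back or reset counter reintroduces exactly the keystream reuse the first half of the example exploits.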


_______________________________________________ Cfrg mailing list Cfrg at ietf.org https://www1.ietf.org/mailman/listinfo/cfrg