
List:       linux-crypto
Subject:    Re: a question about ciphers
From:       Henry Spencer <henry () spsystems ! net>
Date:       2001-12-13 17:05:18

On Thu, 13 Dec 2001, Pascal Junod wrote:
> > two or more cipher texts block are equal, which information did get
> > from it ?
> 
> If the encryption mode is ECB, you know that both plaintexts are equal.
> If the encryption mode is CBC, you know some information about the XOR of
> two plaintexts.

Note that this is not inherently a disaster; it merely supplies some help
to a good cryptanalyst.

Nor does it suddenly start happening at a particular size of data.  As the
size grows, it merely becomes increasingly likely that such equal cipher
blocks will show up.  For a 64-bit block, the chance of at least one
repetition goes to certainty only at 2^64+1 blocks, but is near certainty
long before that, because of the classical "birthday paradox".  But
there's no point along the way where it suddenly increases, no "boundary"
where a previously-good cipher suddenly becomes disastrously vulnerable. 

Limiting 64-bit ciphers to total ciphertexts of a few gigabytes is a wise
general precaution, but it is not an ironclad necessity.  The reduction in
cipher strength from going, say, a factor of ten beyond that is small. 

                                                          Henry Spencer
                                                       henry@spsystems.net

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
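
The birthday-paradox growth described in the message above, worked through as an added example (not part of the original post). It assumes ciphertext blocks behave like independent uniform random values; the function names and the sample sizes in GiB are chosen here for illustration.

```python
import math

def collision_probability(n_blocks, block_bits):
    """Birthday approximation of P(at least two of n_blocks are equal).

    Assumption: each ciphertext block is an independent uniform value
    in a space of 2**block_bits possibilities.
    """
    space = 1 << block_bits
    if n_blocks > space:          # pigeonhole: a repeat is guaranteed
        return 1.0
    if n_blocks < 2:
        return 0.0
    # 1 - exp(-n(n-1)/2N); expm1 keeps precision when the result is tiny
    return -math.expm1(-n_blocks * (n_blocks - 1) / (2 * space))

def exact_probability(n_blocks, block_bits):
    """Exact value, 1 - prod(1 - k/N); only practical for small spaces."""
    space = 1 << block_bits
    p_distinct = 1.0
    for k in range(n_blocks):
        p_distinct *= max(0.0, 1 - k / space)
    return 1 - p_distinct

def table(sizes_gib, block_bits=64):
    """(GiB, number of blocks, collision probability) per ciphertext size."""
    block_bytes = block_bits // 8
    rows = []
    for gib in sizes_gib:
        n = gib * 2**30 // block_bytes
        rows.append((gib, n, collision_probability(n, block_bits)))
    return rows

if __name__ == "__main__":
    # Constructed sample sizes: the probability rises smoothly with the
    # amount of data, with no step at any particular size.
    for gib, n, p in table([1, 4, 10, 32, 40, 256]):
        print(f"{gib:4d} GiB  {n:12d} blocks  P(repeat) = {p:.6f}")
    # Sanity check of the approximation on a 16-bit toy block size.
    print("16-bit, 300 blocks: approx %.4f, exact %.4f"
          % (collision_probability(300, 16), exact_probability(300, 16)))
```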
