On Thu, 13 Dec 2001, Pascal Junod wrote:
> > two or more cipher texts block are equal, which information did get
> > from it ?
>
> If the encryption mode is ECB, you know that both plaintexts are equal.
> If the encryption mode is CBC, you know some information about the XOR of
> two plaintexts.
Note that this is not inherently a disaster; it merely supplies some help
to a good cryptanalyst.
Nor does it suddenly start happening at a particular size of data. As the
size grows, it merely becomes increasingly likely that such equal cipher
blocks will show up. For a 64-bit block, the chance of at least one
repetition goes to certainty only at 2^64+1 blocks, but is near certainty
long before that, because of the classical "birthday paradox". But
there's no point along the way where it suddenly increases, no "boundary"
where a previously-good cipher suddenly becomes disastrously vulnerable.
Limiting 64-bit ciphers to total ciphertexts of a few gigabytes is a wise
general precaution, but it is not an ironclad necessity. The reduction in
cipher strength from going, say, a factor of ten beyond that is small.
Henry Spencer
henry@xxxxxxxxxxxxx
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
