To: linux-kernel@vger.kernel.org
Path: not-for-mail
From: daw@taverner.cs.berkeley.edu (David Wagner)
Newsgroups: isaac.lists.linux-kernel
Subject: Re: dm-crypt, new IV and standards
Date: Thu, 4 Mar 2004 17:44:25 +0000 (UTC)
Organization: University of California, Berkeley
Distribution: isaac
Message-ID: <c27ptp$dhp$1@abraham.cs.berkeley.edu>
References: <20040220172237.GA9918@certainkey.com> <20040303150647.GC1586@certainkey.com> <Pine.LNX.4.58.0403031735210.26196@twinlark.arctic.org> <20040304132430.GA8213@certainkey.com>
Reply-To: daw-usenet@taverner.cs.berkeley.edu (David Wagner)
NNTP-Posting-Host: taverner.cs.berkeley.edu
NNTP-Posting-Date: Thu, 4 Mar 2004 17:44:25 +0000 (UTC)
Originator: daw@taverner.cs.berkeley.edu (David Wagner)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 853
Lines: 10

Jean-Luc Cooke  wrote:
>Like you said, CBC is not trivial to temper with - though it is do able.  CTR
>is trivial on the other hand.  Which is why NIST and every cryptographer will
>recommend using a MAC with CTR.  (Why still have CTR?  Unlike CBC, you can
>compute the N+1-th block without needing to know the output from the N-th
>block, so there is the possibility for very high parallelizum).

I'm worried about the potential for confusion, so let me clarify: Good
cryptographers will recommend using a MAC, whether you use CTR, CBC,
or CFB.  The need for a MAC is not specific to CTR; CBC is not exempt.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/