[146800] in cryptography@c2.net mail archive


Re: [Cryptography] XORing plaintext with ciphertext

daemon@ATHENA.MIT.EDU (John Kelsey)
Sun Sep 8 02:51:16 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <87r4d0h08t.fsf@mid.deneb.enyo.de>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Sat, 7 Sep 2013 21:46:31 -0400
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Cryptography List <cryptography@metzdowd.com>,
	Dave Horsfall <dave@horsfall.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

It depends on the encryption scheme used.  For a stream cipher (including AES in counter or OFB mode), this yields the keystream.  If someone screws up and uses the same key and IV twice, you can use knowledge of the first plaintext to learn the second.  For other AES chaining modes, it's less scary, though if someone reuses their key and IV, knowing plaintext xor ciphertext from the first time the key, IV pair was used can reveal some plaintext from the second time it was used.

--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
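
The stream-cipher case described in the message above, as an added example that is not part of the original post. It assumes an HMAC-SHA256 counter-mode keystream generator as a stand-in for AES in counter or OFB mode so that it runs with the standard library only; the key, IVs, messages and all function names are constructed for illustration.

```python
import hashlib
import hmac


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in for AES-CTR/OFB: block i is HMAC-SHA256(key, iv || i)."""
    out = b""
    counter = 0
    while len(out) < n:
        block_input = iv + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream."""
    return xor(plaintext, keystream(key, iv, len(plaintext)))


def recover_second(p1: bytes, c1: bytes, c2: bytes) -> bytes:
    """p1 XOR c1 is the keystream for that (key, IV); apply it to c2.

    Only min(len(p1), len(c2)) bytes can be recovered this way.
    """
    return xor(c2, xor(p1, c1))


def demo():
    key = bytes(range(32))                       # constructed key
    iv_a, iv_b = b"\x00" * 16, b"\x01" * 16      # constructed IVs
    p1 = b"known header: status=OK padding.."    # plaintext the observer knows
    p2 = b"secret: transfer approved"            # plaintext meant to stay secret
    c1 = encrypt(key, iv_a, p1)
    # Misuse: second message encrypted under the same key and IV.
    reused = recover_second(p1, c1, encrypt(key, iv_a, p2))
    # Correct use: fresh IV, so the old keystream is useless.
    fresh = recover_second(p1, c1, encrypt(key, iv_b, p2))
    return p2, reused, fresh


if __name__ == "__main__":
    p2, reused, fresh = demo()
    print("same key+IV :", reused)
    print("fresh IV    :", fresh.hex())
```

With a unique IV per message under a given key, the keystream learned from one known plaintext does not apply to any other ciphertext.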
