
GnuPG Celebrates 10 Years

Posted Dec 28, 2007 20:32 UTC (Fri) by jd (guest, #26381)
In reply to: GnuPG Celebrates 10 Years by flewellyn
Parent article: GnuPG Celebrates 10 Years

Block cyphers use various methods of data mangling that produce a result that crudely approximates a totally random signal. The better the block cypher, the better the approximation. However, it isn't perfect and can never be perfect - even in theory. The encryption mode helps to improve the pseudo-randomness, but that too can never be perfect.

When (not if) a weakness is found in AES, it is pretty much guaranteed to be a weakness in the nature of the approximation. The 2DEM crowd demonstrated nicely in their initial paper how you could recover some information from encrypted images where there is a poor choice of encryption mode. I have no idea how much is recoverable, how much you can scrape the message for exposed data. Any information, though, must effectively reduce your key search space, with the obvious implication that sufficient information must reduce it to something you can search on a realistic timeframe.



2DEM mode

Posted Dec 29, 2007 5:51 UTC (Sat) by zooko (guest, #2589) [Link]

I just went and had a look at the 2DEM docs that they submitted to NIST.

As far as I could tell from a quick reading of the first couple of sections of their paper, they pointed out that ECB is very weak at confidentiality, and that CBC isn't parallelizable, and then proposed 2DEM mode. These two facts (ECB doesn't offer good confidentiality and CBC isn't parallelizable) were already well understood by other cryptographers. All of the modes of operation described in SP 800-38A (except of course ECB, which shouldn't have been included) offer good confidentiality, and CTR mode offers excellent parallelism. Some of the newfangled modes like OCB and GCM are also parallelizable.

So as far as I can tell, 2DEM mode doesn't offer anything over CTR mode.

Regards,

Zooko
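The two properties argued over in this thread, that ECB leaks plaintext structure (jd's encrypted-image point) and that CBC chains blocks while CTR does not (zooko's parallelism point), can be seen directly by running the modes over a toy block cipher. The code below is an added example, not from either commenter, the 2DEM paper, or GnuPG. It assumes a 4-round Feistel permutation keyed with HMAC-SHA256 as a stand-in for AES (a constructed cipher, chosen only so the example runs offline with the standard library); the key, nonce and the "image" plaintext are likewise constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block, the same as AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_func(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 over (round index || half block), truncated to 8 bytes
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 16-byte block cipher: 4 Feistel rounds (a keyed permutation standing in for AES)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round_func(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of block_encrypt: undo the Feistel rounds in reverse order."""
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round_func(key, rnd, left)), left
    return left + right


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """ECB: each block encrypted independently, so equal plaintext blocks give equal ciphertext blocks."""
    assert len(pt) % BLOCK == 0
    return b"".join(block_encrypt(key, b) for b in _blocks(pt))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """CBC: block i is XORed with ciphertext block i-1 before encryption.
    Block i cannot be produced until block i-1 exists, so encryption is inherently serial."""
    assert len(pt) % BLOCK == 0 and len(iv) == BLOCK
    out, prev = [], iv
    for b in _blocks(pt):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def ctr_keystream_block(key: bytes, nonce: bytes, index: int) -> bytes:
    """Keystream block i = E_K(nonce || i). It depends only on i, so any block can be
    computed in isolation: this is what makes CTR parallelizable and seekable."""
    assert len(nonce) == 8
    return block_encrypt(key, nonce + index.to_bytes(8, "big"))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR encryption and decryption are the same operation: XOR with the keystream.
    The final block may be short; XOR simply truncates to its length."""
    out = bytearray()
    for i, chunk in enumerate(_blocks(data)):
        out += _xor(chunk, ctr_keystream_block(key, nonce, i))
    return bytes(out)


def distinct_block_count(ct: bytes) -> int:
    """Number of different ciphertext blocks. A count well below the total means the
    ciphertext still mirrors plaintext structure (the ECB-encrypted-image problem)."""
    return len(set(_blocks(ct)))


# Constructed sample values: a 32-byte demo key and a 12-block 'image' with three
# uniform regions (background, foreground, background), as a real bitmap might have.
SAMPLE_KEY = b"constructed-demo-key-not-secret!"
SAMPLE_NONCE = b"\x00" * 8
SAMPLE_IMAGE = b"\x00" * 64 + b"\xff" * 64 + b"\x00" * 64


def demo():
    """Returns (distinct ECB blocks, distinct CTR blocks, total blocks) for the sample image."""
    ecb = ecb_encrypt(SAMPLE_KEY, SAMPLE_IMAGE)
    ctr = ctr_crypt(SAMPLE_KEY, SAMPLE_NONCE, SAMPLE_IMAGE)
    return distinct_block_count(ecb), distinct_block_count(ctr), len(_blocks(SAMPLE_IMAGE))


if __name__ == "__main__":
    print("distinct ECB / distinct CTR / total blocks:", demo())
```

Run as a script, `demo()` reports two distinct blocks under ECB against twelve under CTR: the ECB ciphertext has exactly as many distinct values as the plaintext has distinct regions, which is the leak jd describes, while CTR (and CBC, because of the chained IV) hides it. The `ctr_keystream_block` function is the parallelism argument in code: block five can be produced without touching blocks zero to four, which `cbc_encrypt` structurally cannot do. Note that CTR's strength rests entirely on never reusing a (key, nonce) pair; the fixed `SAMPLE_NONCE` here is for reproducibility only.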


Copyright © 2025, Eklektix, Inc.