-----BEGIN PGP SIGNED MESSAGE-----
At 01:48 PM 2/3/99 -0800, Burt Kaliski wrote:
Don Johnson's proposal two-pass encryption with triple-DES-CBC is another
option. It has the advantage of not requiring a separate hash function, and,
implemented with appropriate settings, resists the birthday attacks on the
original method.
Burt and Don,
I'm not sure what Don intended, but I was reminded of one of Ron
Rivest's
papers (in Cryptologia) -- proposing bidirectional encryption when the
system is easier to break in one direction than the other.
In the case of CBC mode, one could encrypt a long block twice, as Don
suggested, but index the blocks in reverse order the second time. The IV
could be 0 for both passes.
I haven't tried analyzing this mode of operation yet, but it has a
pleasant
symmetry.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
iQCVAwUBNrkyPBN3Wx8QwqUtAQGY3AP/SAQCC/k07vQeXI7VLSfgJbO3qRWU9rm4
KUwcyGXIa6gcg7pOaFzU9uPW7BTaGIyHGwxGlR4o5EJWIjar+LwK2aGVSMixCxwJ
bPjuzW7DKSvyBNaBtpuE0T6DlPJ6VBGsT0YH9lP3FaCzz+xckqzWP0G9UdXxa4qs
scblI9OFe8A=
=S+zU
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme(_at_)acm(_dot_)org http://www.pobox.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+