Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] [cryptography] New Anonymity Network for Short Messages

Eugen Leitl eugen at
Wed Jun 12 04:03:26 PDT 2013

----- Forwarded message from "James A. Donald" <jamesd at> -----

Date: Wed, 12 Jun 2013 15:45:16 +1000
From: "James A. Donald" <jamesd at>
To: cryptography at
Subject: Re: [cryptography] [liberationtech] New Anonymity Network for Short Messages
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
Reply-To: jamesd at

On 2013-06-12 1:09 PM, Peter Gutmann wrote:
> Eugen Leitl <eugen at> either writes or quotes:
>> ----- Forwarded message from Sean Cassidy <sean.a.cassidy at> -----
>>> - Any specific reason you picked CTR?
>> CTR is widely recommended. Cryptography Engineering specifically recommends
>> it.
> Who recommends it (apart from CE?).  I've seen it warned about in a number of
> places, and I recommend (strongly) against it in my (still in-progress) book.
> It's the most dangerous encryption mode since RC4.
> More specifically, it's RC4 all over again.  There's a reason why that was
> dropped almost everywhere, for example the SDL explicitly bans it, and there's
> even a Visual Studio tool that scans your code and complains about its use.

I don't see this.  The problem, as with RC4, is if you re-use your counter.

Is there any encryption mode that works if you use it wrong?

cryptography mailing list
cryptography at

----- End forwarded message -----
Eugen* Leitl <a href="">leitl</a>
ICBM: 48.07100, 11.36820
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

More information about the liberationtech mailing list