Talk:Ciphertext stealing
This article is rated C-class on Wikipedia's content assessment scale.
Untitled
It isn't clear to me what is meant by "in place encrypt", so I'm reverting to the (mostly) prior text. Also, I think that removing the note that Meyer describes an incompatible scheme is important. Efnar (talk) 22:29, 19 March 2008 (UTC)
Clarity
For me, the first paragraph under General Characteristics was really confusing (as of 11:35 AM GMT 16 FEB 2011).
Perhaps it would be more clear if it were more to the point. "Ordinarily, plaintext padding is used to make P divisible by block size. Ciphertext stealing uses a previous block's ciphertext output for padding of the final block. Since this ciphertext will be recovered upon decryption of the final block, it can be removed from transmission of the next to last block." —Preceding unsigned comment added by 204.87.16.4 (talk) 11:55, 16 February 2011 (UTC)
needs updating for latest discoveries
This page evidently badly needs updating in the light of
The Security of Ciphertext Stealing. Phillip Rogaway, Mark Wooding, and Haibin Zhang. FSE 2012, LNCS 7549, pages 180-195, 2012.
http://csiflabs.cs.ucdavis.edu/~hbzhang/steal.pdf
which claims the Meyer and Matyas mode is insecure and should not be used.
CBC ciphertext stealing encryption using a standard CBC interface
This section self-evidently does not make sense. If you truncate a block of cipher text you will never be able to decrypt it. — Preceding unsigned comment added by 86.142.231.35 (talk) 08:28, 3 April 2013 (UTC)
- This section describes the mode CBC-CS3 proposed by NIST. Ciphertext can be decrypted as described in the article. According to the paper by Rogaway, Wooding and Zhang cited above, CBC-CS3 makes a lot more sense than the remainder of the Wikipedia article. 83.77.189.6 (talk) 17:49, 3 April 2013 (UTC)
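The CBC-CS3 round trip discussed in this thread, as an added example that is not part of the talk page or the article: the zero padding of the final plaintext block is what lets the receiver rebuild the truncated block. The 4-round Feistel cipher is a constructed stand-in for a real block cipher (it is not secure), all function names are hypothetical, and the sketch assumes messages longer than one block.

```python
import hashlib

B = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function, constructed for this example only
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:B // 2]

def toy_encrypt_block(key, blk):
    l, r = blk[:B // 2], blk[B // 2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def toy_decrypt_block(key, blk):
    l, r = blk[:B // 2], blk[B // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_cs3_encrypt(key, iv, pt):
    if len(pt) <= B:
        raise ValueError("example handles only messages longer than one block")
    d = len(pt) % B or B               # bytes in the final plaintext block
    padded = pt + bytes(B - d)         # zero-pad the final block
    prev, blocks = iv, []
    for i in range(0, len(padded), B):
        prev = toy_encrypt_block(key, _xor(padded[i:i + B], prev))
        blocks.append(prev)
    # Swap the last two blocks and send only d bytes of C_{n-1}.
    return b"".join(blocks[:-2]) + blocks[-1] + blocks[-2][:d]

def cbc_cs3_decrypt(key, iv, ct):
    if len(ct) <= B:
        raise ValueError("example handles only messages longer than one block")
    d = len(ct) % B or B
    head, c_n, c_cut = ct[:-(B + d)], ct[-(B + d):-d], ct[-d:]
    x = toy_decrypt_block(key, c_n)    # equals (P_n || zeros) XOR C_{n-1}
    c_prev = c_cut + x[d:]             # zero padding exposes the dropped tail
    chain = [iv] + [head[i:i + B] for i in range(0, len(head), B)] + [c_prev]
    full = b"".join(_xor(toy_decrypt_block(key, c), p)
                    for p, c in zip(chain, chain[1:]))
    return full + _xor(x[:d], c_cut)   # final partial plaintext block
```

The ciphertext is exactly as long as the plaintext, and decryption recovers every byte even though one ciphertext block was sent truncated.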