Re: [tor-dev] Even more notes on relay-crypto constructions

2012-10-18 Thread Nick Mathewson
On Thu, Oct 18, 2012 at 11:18 PM, Mike Perry wrote:
> Thus spake Nick Mathewson (ni...@alum.mit.edu):
>
>> On Thu, Oct 18, 2012 at 6:10 PM, Mike Perry wrote:
>> [...]
>> >> There are modes that are supposed to prevent this, and applying them
>> >> to a decent wide-block cipher might solve the is

Re: [tor-dev] Even more notes on relay-crypto constructions

2012-10-18 Thread Mike Perry
Thus spake Nick Mathewson (ni...@alum.mit.edu):
> On Thu, Oct 18, 2012 at 6:10 PM, Mike Perry wrote:
> [...]
> >> There are modes that are supposed to prevent this, and applying them
> >> to a decent wide-block cipher might solve the issue. IGE is one of
> >> them [IGE], but it turns out to be b

Re: [tor-dev] Even more notes on relay-crypto constructions

2012-10-18 Thread Nick Mathewson
On Thu, Oct 18, 2012 at 6:10 PM, Mike Perry wrote:
[...]
>> There are modes that are supposed to prevent this, and applying them
>> to a decent wide-block cipher might solve the issue. IGE is one of
>> them [IGE], but it turns out to be broken by an attacker who knows
>> some plaintext. The Accu

Re: [tor-dev] Even more notes on relay-crypto constructions

2012-10-18 Thread Mike Perry
Thus spake Nick Mathewson (ni...@torproject.org):
> I should share with the list an update of where I am with a design for
> an improved relay crypto protocol. For background and motivation,
> please see the last thread on the topic [Prop202].
>
> There are three main questions remaining for me