Input limitations on the RC6 cipher
up vote
2
down vote
favorite
RSA has limitation in input size for encryption and decryption.
- Can RC6 be used for encrytion and decryption of files larger than 5 MB?
- Is there any limitation for input size?
- Is RC6 safe for using encryption or has it faced any attacks?
encryption rsa rc6
edited 9 hours ago
Maarten Bodewes
51.5k673188
asked 22 hours ago
Anu Davis
7318
New contributor
Anu Davis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
up vote
2
down vote
favorite
RSA has limitation in input size for encryption and decryption.
- Can RC6 be used for encrytion and decryption of files larger than 5 MB?
- Is there any limitation for input size?
- Is RC6 safe for using encryption or has it faced any attacks?
encryption rsa rc6
edited 9 hours ago
Maarten Bodewes
51.5k673188
asked 22 hours ago
Anu Davis
7318
New contributor
Anu Davis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
up vote
2
down vote
favorite
up vote
2
down vote
favorite
RSA has limitation in input size for encryption and decryption.
- Can RC6 be used for encrytion and decryption of files larger than 5 MB?
- Is there any limitation for input size?
- Is RC6 safe for using encryption or has it faced any attacks?
encryption rsa rc6
edited 9 hours ago
Maarten Bodewes
51.5k673188
asked 22 hours ago
Anu Davis
7318
New contributor
Anu Davis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
RSA has limitation in input size for encryption and decryption.
- Can RC6 be used for encrytion and decryption of files larger than 5 MB?
- Is there any limitation for input size?
- Is RC6 safe for using encryption or has it faced any attacks?
encryption rsa rc6
encryption rsa rc6
edited 9 hours ago
Maarten Bodewes
51.5k673188
asked 22 hours ago
Anu Davis
7318
New contributor
Anu Davis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 9 hours ago
Maarten Bodewes
51.5k673188
asked 22 hours ago
Anu Davis
7318
New contributor
Anu Davis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 9 hours ago
Maarten Bodewes
51.5k673188
edited 9 hours ago
Maarten Bodewes
51.5k673188
edited 9 hours ago
Maarten Bodewes
51.5k673188
51.5k673188
asked 22 hours ago
Anu Davis
7318
New contributor
Anu Davis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 22 hours ago
Anu Davis
7318
asked 22 hours ago
Anu Davis
7318
7318
New contributor
Anu Davis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Anu Davis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Anu Davis is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
up vote
4
down vote
RC6 is secure, and has no effective limit on input size.
RSA is an asymmetric cipher. It is not designed for general purpose encryption, and so has a very tight limit on the amount of data that can be encrypted. In fact, unlike symmetric ciphers, RSA is based on a mathematical problem, so the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key. This modular operation puts a hard limit on the length of the plaintext to be encrypted. Note that RSA is not used to encrypt anything directly. It is used to encrypt a smaller symmetric key which is then used to protect the confidentiality of further communications.
RC6 is a symmetric block cipher. The amount of data that can be encrypted with a single key depends on the mode of operation in use, as well as the block size of the cipher. For a cipher with 128-bit blocks, like RC6, the amount of data it can securely encrypt is vast. To put it into hard numbers, in order to have an already astronomically small 2-32 chance of leaking a little bit of information from one 128-bit block in CBC mode, you need to encrypt more than four petabytes of data with one key. A mere five megabytes is nothing.
There are no known attacks which weaken RC6 to the point that breaking it is practical. As it did not win the AES competition however, it has received comparatively less analysis. A large amount of information on its security can be found by searching "rc6 cryptanalysis pdf".
Obligatory disclaimer: Choosing the cipher is the easiest part of implementing a secure cryptosystem. If you are designing your own cryptosystem, don't. Simply using RC6 is not enough to provide security. You need to choose the proper mode of operation, use authentication, use a secure KDF if the key is to be derived from a password, mitigate a variety of attacks if used on the network (reflection, replay, man-in-the-middle, etc). Don't think that, just because you are using a secure cipher, that the data you encrypt is secure.
answered 22 hours ago
forest
2,313630
Thanks for the answer
– Anu Davis
21 hours ago
1
The description of RSA is currently incorrect. Suggestion: "the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key" -> the ciphertext is the plaintext (reversibly mixed with some randomness, unless the plaintext itself is random) multiplied by itself some number of times modulo some large integer (with said number of times and large integer constituting the public key).
– fgrieu
14 hours ago
add a comment |
up vote
3
down vote
RSA doesn't really have a limit on what can be encrypted. It is possible to encrypt many separate messages using RSA. Splitting an message into separate parts before encryption allows you to encrypt many parts of data without the risk of loosing confidentiality.
This will however take a lot of CPU time, it will expand each part of the message and it will not provide any kind of integrity protection (but neither do known modes of operation such as CBC). So asymmetric encryption is not used for bulk encryption, it is only used for small messages where asymmetric encryption is required and the byte count needs to kept low.
Instead asymmetric algorithms (ciphers and key establishment schemes) are commonly used to encrypt or derive a symmetric key - such as a symmetric key for RC6 - which then can be used to encrypt the data itself. This is called a hybrid cryptosystem as it both relies on asymmetric and symmetric cryptography.
Can RC6 be used for encryption and decryption of files larger than 5 MB?
Not by itself. RC6 is a block cipher and can therefore only be used to encrypt blocks of data. RC6 has a block size of 128 bits. To encrypt data you will have to use a mode of operation. The amount of data that can be encrypted is then a function of the mode of operation and the block size. It also depends on the way the mode of operation is applied, especially how the IV is constructed. The amount of messages (files) that may be encrypted may also be restricted.
When used in a block cipher mode of operation, 5MB is a relatively small amount of data.
Is there any limitation for input size?
Yes. It can be calculated for specific modes of operation. There are certainly modes of operations such as GCM that have smaller limits then that you would expect for the block size. GCM has a limit of "just" 64 GiB of data. That's much larger than 5 MB, but it is much smaller than you would expect for a cipher such as AES or RC6 with a block size of 128 bits.
Counter mode (CTR mode), when used correctly on a single message, can be used to encrypt $2^{128}$ blocks of data, with each block containing 16 bytes. That's $10^{37}$ times all the data in the world. That means that this mode of operation has no practical limit for single messages (implementations may limit you to $2^{64}$ or even $2^{32}$ counter values / blocks in extreme cases).
With these kind of sizes you may expect that the amount of data to encrypt is generally not used to choose a specific mode of operation, especially not for 128 bit block ciphers: almost any mode of operation will provide higher limits than required. Other properties of the mode of operation are generally considered more important. GCM for instance provides authenticated encryption that protects the message against change, while CTR or CBC mode does not.
Is RC6 safe for using encryption or has it faced any attacks?
RC6 has not been broken. But it has not been selected to be AES either. That means that there has been less incentive to find attacks on it. As one of the AES finalists it certainly has been thoroughly examined though, and no attacks were found.
Finding good support for it, such as known good implementations or hardware implementations of it will be harder. This is especially true when it comes to authenticated modes. It could also mean that side channel attacks are more likely because of this. Generally we prefer just to use AES (Rijndael) for this reason - even though the AES algorithm may be more vulnerable in principle.
answered 15 hours ago
Maarten Bodewes
51.5k673188
After $2^{128}$ the counter is set to $0$ in CTR. Is there a problem that one can continue?
– kelalaka
11 hours ago
Yes it turns into a many time pad.
– Maarten Bodewes
10 hours ago
It is better to be in the answer :)
– kelalaka
10 hours ago
I'll put it in the answer when somebody reaches $2^{127}$ blocks ;) This question is not about CTR mode, they can look it up on the site if required.
– Maarten Bodewes
9 hours ago
add a comment |
up vote
1
down vote
Usually you don't encrypt data / messages directly with RSA, rather you encrypt a symmetric key for future encryptions.
This has the advantage that it's more efficient to encrypt and decrypt data, because symmetric cryptography is faster than asymmetric cryptography.
Can RC6 be used for encrytion and decryption of files larger than 5 MB?
Yes.
Is there any limitation for input size?
When encrypting data with a symmetric block cipher, which uses blocks of n bits, some security concerns begin to appear when the amount of data encrypted with a single key comes close to $2^n/2$ blocks, i.e. $n*2^{n/2}$ bits.
This means that there is indeed a limit of data to encrypt but it's so large that it should never be a problem. AES-128 bit encryption for example can safely encrypt data of over 250 Million TB.
Is RC6 safe for using encryption or has it faced any attacks?
RC6 is considered to be safe.
answered 22 hours ago
AleksanderRas
1,2781222
1
I'm not sure how what Wikipedia stated is a problem. It just means that some NSA malware used RC6. It doesn't mean that RC6 is broken, just that they used it. If anything, it means they trust it (or that it's so obscure that antimalware programs are unlikely to recognize it).
– forest
22 hours ago
Thanks for the answer
– Anu Davis
21 hours ago
1
@forest Edited my answer.
– AleksanderRas
19 hours ago
@AnuDavis No need to say "thanks". That's what the forum is here for.
– AleksanderRas
19 hours ago
@ AleksanderRas ok
– Anu Davis
18 hours ago
|
show 1 more comment
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
RC6 is secure, and has no effective limit on input size.
RSA is an asymmetric cipher. It is not designed for general purpose encryption, and so has a very tight limit on the amount of data that can be encrypted. In fact, unlike symmetric ciphers, RSA is based on a mathematical problem, so the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key. This modular operation puts a hard limit on the length of the plaintext to be encrypted. Note that RSA is not used to encrypt anything directly. It is used to encrypt a smaller symmetric key which is then used to protect the confidentiality of further communications.
RC6 is a symmetric block cipher. The amount of data that can be encrypted with a single key depends on the mode of operation in use, as well as the block size of the cipher. For a cipher with 128-bit blocks, like RC6, the amount of data it can securely encrypt is vast. To put it into hard numbers, in order to have an already astronomically small 2-32 chance of leaking a little bit of information from one 128-bit block in CBC mode, you need to encrypt more than four petabytes of data with one key. A mere five megabytes is nothing.
There are no known attacks which weaken RC6 to the point that breaking it is practical. As it did not win the AES competition however, it has received comparatively less analysis. A large amount of information on its security can be found by searching "rc6 cryptanalysis pdf".
Obligatory disclaimer: Choosing the cipher is the easiest part of implementing a secure cryptosystem. If you are designing your own cryptosystem, don't. Simply using RC6 is not enough to provide security. You need to choose the proper mode of operation, use authentication, use a secure KDF if the key is to be derived from a password, mitigate a variety of attacks if used on the network (reflection, replay, man-in-the-middle, etc). Don't think that, just because you are using a secure cipher, that the data you encrypt is secure.
answered 22 hours ago
forest
2,313630
Thanks for the answer
– Anu Davis
21 hours ago
1
The description of RSA is currently incorrect. Suggestion: "the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key" -> the ciphertext is the plaintext (reversibly mixed with some randomness, unless the plaintext itself is random) multiplied by itself some number of times modulo some large integer (with said number of times and large integer constituting the public key).
– fgrieu
14 hours ago
add a comment |
up vote
4
down vote
RC6 is secure, and has no effective limit on input size.
RSA is an asymmetric cipher. It is not designed for general purpose encryption, and so has a very tight limit on the amount of data that can be encrypted. In fact, unlike symmetric ciphers, RSA is based on a mathematical problem, so the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key. This modular operation puts a hard limit on the length of the plaintext to be encrypted. Note that RSA is not used to encrypt anything directly. It is used to encrypt a smaller symmetric key which is then used to protect the confidentiality of further communications.
RC6 is a symmetric block cipher. The amount of data that can be encrypted with a single key depends on the mode of operation in use, as well as the block size of the cipher. For a cipher with 128-bit blocks, like RC6, the amount of data it can securely encrypt is vast. To put it into hard numbers, in order to have an already astronomically small 2-32 chance of leaking a little bit of information from one 128-bit block in CBC mode, you need to encrypt more than four petabytes of data with one key. A mere five megabytes is nothing.
There are no known attacks which weaken RC6 to the point that breaking it is practical. As it did not win the AES competition however, it has received comparatively less analysis. A large amount of information on its security can be found by searching "rc6 cryptanalysis pdf".
Obligatory disclaimer: Choosing the cipher is the easiest part of implementing a secure cryptosystem. If you are designing your own cryptosystem, don't. Simply using RC6 is not enough to provide security. You need to choose the proper mode of operation, use authentication, use a secure KDF if the key is to be derived from a password, mitigate a variety of attacks if used on the network (reflection, replay, man-in-the-middle, etc). Don't think that, just because you are using a secure cipher, that the data you encrypt is secure.
answered 22 hours ago
forest
2,313630
Thanks for the answer
– Anu Davis
21 hours ago
1
The description of RSA is currently incorrect. Suggestion: "the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key" -> the ciphertext is the plaintext (reversibly mixed with some randomness, unless the plaintext itself is random) multiplied by itself some number of times modulo some large integer (with said number of times and large integer constituting the public key).
– fgrieu
14 hours ago
add a comment |
up vote
4
down vote
up vote
4
down vote
RC6 is secure, and has no effective limit on input size.
RSA is an asymmetric cipher. It is not designed for general purpose encryption, and so has a very tight limit on the amount of data that can be encrypted. In fact, unlike symmetric ciphers, RSA is based on a mathematical problem, so the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key. This modular operation puts a hard limit on the length of the plaintext to be encrypted. Note that RSA is not used to encrypt anything directly. It is used to encrypt a smaller symmetric key which is then used to protect the confidentiality of further communications.
RC6 is a symmetric block cipher. The amount of data that can be encrypted with a single key depends on the mode of operation in use, as well as the block size of the cipher. For a cipher with 128-bit blocks, like RC6, the amount of data it can securely encrypt is vast. To put it into hard numbers, in order to have an already astronomically small 2-32 chance of leaking a little bit of information from one 128-bit block in CBC mode, you need to encrypt more than four petabytes of data with one key. A mere five megabytes is nothing.
There are no known attacks which weaken RC6 to the point that breaking it is practical. As it did not win the AES competition however, it has received comparatively less analysis. A large amount of information on its security can be found by searching "rc6 cryptanalysis pdf".
Obligatory disclaimer: Choosing the cipher is the easiest part of implementing a secure cryptosystem. If you are designing your own cryptosystem, don't. Simply using RC6 is not enough to provide security. You need to choose the proper mode of operation, use authentication, use a secure KDF if the key is to be derived from a password, mitigate a variety of attacks if used on the network (reflection, replay, man-in-the-middle, etc). Don't think that, just because you are using a secure cipher, that the data you encrypt is secure.
answered 22 hours ago
forest
2,313630
RC6 is secure, and has no effective limit on input size.
RSA is an asymmetric cipher. It is not designed for general purpose encryption, and so has a very tight limit on the amount of data that can be encrypted. In fact, unlike symmetric ciphers, RSA is based on a mathematical problem, so the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key. This modular operation puts a hard limit on the length of the plaintext to be encrypted. Note that RSA is not used to encrypt anything directly. It is used to encrypt a smaller symmetric key which is then used to protect the confidentiality of further communications.
RC6 is a symmetric block cipher. The amount of data that can be encrypted with a single key depends on the mode of operation in use, as well as the block size of the cipher. For a cipher with 128-bit blocks, like RC6, the amount of data it can securely encrypt is vast. To put it into hard numbers, in order to have an already astronomically small 2-32 chance of leaking a little bit of information from one 128-bit block in CBC mode, you need to encrypt more than four petabytes of data with one key. A mere five megabytes is nothing.
There are no known attacks which weaken RC6 to the point that breaking it is practical. As it did not win the AES competition however, it has received comparatively less analysis. A large amount of information on its security can be found by searching "rc6 cryptanalysis pdf".
Obligatory disclaimer: Choosing the cipher is the easiest part of implementing a secure cryptosystem. If you are designing your own cryptosystem, don't. Simply using RC6 is not enough to provide security. You need to choose the proper mode of operation, use authentication, use a secure KDF if the key is to be derived from a password, mitigate a variety of attacks if used on the network (reflection, replay, man-in-the-middle, etc). Don't think that, just because you are using a secure cipher, that the data you encrypt is secure.
answered 22 hours ago
forest
2,313630
edited 22 hours ago
answered 22 hours ago
forest
2,313630
answered 22 hours ago
forest
2,313630
answered 22 hours ago
forest
2,313630
2,313630
Thanks for the answer
– Anu Davis
21 hours ago
1
The description of RSA is currently incorrect. Suggestion: "the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key" -> the ciphertext is the plaintext (reversibly mixed with some randomness, unless the plaintext itself is random) multiplied by itself some number of times modulo some large integer (with said number of times and large integer constituting the public key).
– fgrieu
14 hours ago
add a comment |
Thanks for the answer
– Anu Davis
21 hours ago
1
The description of RSA is currently incorrect. Suggestion: "the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key" -> the ciphertext is the plaintext (reversibly mixed with some randomness, unless the plaintext itself is random) multiplied by itself some number of times modulo some large integer (with said number of times and large integer constituting the public key).
– fgrieu
14 hours ago
Thanks for the answer
– Anu Davis
21 hours ago
Thanks for the answer
– Anu Davis
21 hours ago
1
1
The description of RSA is currently incorrect. Suggestion: "the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key" -> the ciphertext is the plaintext (reversibly mixed with some randomness, unless the plaintext itself is random) multiplied by itself some number of times modulo some large integer (with said number of times and large integer constituting the public key).
– fgrieu
14 hours ago
The description of RSA is currently incorrect. Suggestion: "the ciphertext is nothing more than the plaintext being multiplied by a special value, modulo a value derived from the public key" -> the ciphertext is the plaintext (reversibly mixed with some randomness, unless the plaintext itself is random) multiplied by itself some number of times modulo some large integer (with said number of times and large integer constituting the public key).
– fgrieu
14 hours ago
add a comment |
up vote
3
down vote
RSA doesn't really have a limit on what can be encrypted. It is possible to encrypt many separate messages using RSA. Splitting an message into separate parts before encryption allows you to encrypt many parts of data without the risk of loosing confidentiality.
This will however take a lot of CPU time, it will expand each part of the message and it will not provide any kind of integrity protection (but neither do known modes of operation such as CBC). So asymmetric encryption is not used for bulk encryption, it is only used for small messages where asymmetric encryption is required and the byte count needs to kept low.
Instead asymmetric algorithms (ciphers and key establishment schemes) are commonly used to encrypt or derive a symmetric key - such as a symmetric key for RC6 - which then can be used to encrypt the data itself. This is called a hybrid cryptosystem as it both relies on asymmetric and symmetric cryptography.
Can RC6 be used for encryption and decryption of files larger than 5 MB?
Not by itself. RC6 is a block cipher and can therefore only be used to encrypt blocks of data. RC6 has a block size of 128 bits. To encrypt data you will have to use a mode of operation. The amount of data that can be encrypted is then a function of the mode of operation and the block size. It also depends on the way the mode of operation is applied, especially how the IV is constructed. The amount of messages (files) that may be encrypted may also be restricted.
When used in a block cipher mode of operation, 5MB is a relatively small amount of data.
Is there any limitation for input size?
Yes. It can be calculated for specific modes of operation. There are certainly modes of operations such as GCM that have smaller limits then that you would expect for the block size. GCM has a limit of "just" 64 GiB of data. That's much larger than 5 MB, but it is much smaller than you would expect for a cipher such as AES or RC6 with a block size of 128 bits.
Counter mode (CTR mode), when used correctly on a single message, can be used to encrypt $2^{128}$ blocks of data, with each block containing 16 bytes. That's $10^{37}$ times all the data in the world. That means that this mode of operation has no practical limit for single messages (implementations may limit you to $2^{64}$ or even $2^{32}$ counter values / blocks in extreme cases).
With these kind of sizes you may expect that the amount of data to encrypt is generally not used to choose a specific mode of operation, especially not for 128 bit block ciphers: almost any mode of operation will provide higher limits than required. Other properties of the mode of operation are generally considered more important. GCM for instance provides authenticated encryption that protects the message against change, while CTR or CBC mode does not.
Is RC6 safe for using encryption or has it faced any attacks?
RC6 has not been broken. But it has not been selected to be AES either. That means that there has been less incentive to find attacks on it. As one of the AES finalists it certainly has been thoroughly examined though, and no attacks were found.
Finding good support for it, such as known good implementations or hardware implementations of it will be harder. This is especially true when it comes to authenticated modes. It could also mean that side channel attacks are more likely because of this. Generally we prefer just to use AES (Rijndael) for this reason - even though the AES algorithm may be more vulnerable in principle.
answered 15 hours ago
Maarten Bodewes
51.5k673188
After $2^{128}$ the counter is set to $0$ in CTR. Is there a problem that one can continue?
– kelalaka
11 hours ago
Yes it turns into a many time pad.
– Maarten Bodewes
10 hours ago
It is better to be in the answer :)
– kelalaka
10 hours ago
I'll put it in the answer when somebody reaches $2^{127}$ blocks ;) This question is not about CTR mode, they can look it up on the site if required.
– Maarten Bodewes
9 hours ago
add a comment |
up vote
3
down vote
RSA doesn't really have a limit on what can be encrypted. It is possible to encrypt many separate messages using RSA. Splitting an message into separate parts before encryption allows you to encrypt many parts of data without the risk of loosing confidentiality.
This will however take a lot of CPU time, it will expand each part of the message and it will not provide any kind of integrity protection (but neither do known modes of operation such as CBC). So asymmetric encryption is not used for bulk encryption, it is only used for small messages where asymmetric encryption is required and the byte count needs to kept low.
Instead asymmetric algorithms (ciphers and key establishment schemes) are commonly used to encrypt or derive a symmetric key - such as a symmetric key for RC6 - which then can be used to encrypt the data itself. This is called a hybrid cryptosystem as it both relies on asymmetric and symmetric cryptography.
Can RC6 be used for encryption and decryption of files larger than 5 MB?
Not by itself. RC6 is a block cipher and can therefore only be used to encrypt blocks of data. RC6 has a block size of 128 bits. To encrypt data you will have to use a mode of operation. The amount of data that can be encrypted is then a function of the mode of operation and the block size. It also depends on the way the mode of operation is applied, especially how the IV is constructed. The amount of messages (files) that may be encrypted may also be restricted.
When used in a block cipher mode of operation, 5MB is a relatively small amount of data.
Is there any limitation for input size?
Yes. It can be calculated for specific modes of operation. There are certainly modes of operations such as GCM that have smaller limits then that you would expect for the block size. GCM has a limit of "just" 64 GiB of data. That's much larger than 5 MB, but it is much smaller than you would expect for a cipher such as AES or RC6 with a block size of 128 bits.
Counter mode (CTR mode), when used correctly on a single message, can be used to encrypt $2^{128}$ blocks of data, with each block containing 16 bytes. That's $10^{37}$ times all the data in the world. That means that this mode of operation has no practical limit for single messages (implementations may limit you to $2^{64}$ or even $2^{32}$ counter values / blocks in extreme cases).
With these kind of sizes you may expect that the amount of data to encrypt is generally not used to choose a specific mode of operation, especially not for 128 bit block ciphers: almost any mode of operation will provide higher limits than required. Other properties of the mode of operation are generally considered more important. GCM for instance provides authenticated encryption that protects the message against change, while CTR or CBC mode does not.
Is RC6 safe for using encryption or has it faced any attacks?
RC6 has not been broken. But it has not been selected to be AES either. That means that there has been less incentive to find attacks on it. As one of the AES finalists it certainly has been thoroughly examined though, and no attacks were found.
Finding good support for it, such as known good implementations or hardware implementations of it will be harder. This is especially true when it comes to authenticated modes. It could also mean that side channel attacks are more likely because of this. Generally we prefer just to use AES (Rijndael) for this reason - even though the AES algorithm may be more vulnerable in principle.
answered 15 hours ago
Maarten Bodewes
51.5k673188
After $2^{128}$ the counter is set to $0$ in CTR. Is there a problem that one can continue?
– kelalaka
11 hours ago
Yes it turns into a many time pad.
– Maarten Bodewes
10 hours ago
It is better to be in the answer :)
– kelalaka
10 hours ago
I'll put it in the answer when somebody reaches $2^{127}$ blocks ;) This question is not about CTR mode, they can look it up on the site if required.
– Maarten Bodewes
9 hours ago
add a comment |
up vote
3
down vote
up vote
3
down vote
RSA doesn't really have a limit on what can be encrypted. It is possible to encrypt many separate messages using RSA. Splitting an message into separate parts before encryption allows you to encrypt many parts of data without the risk of loosing confidentiality.
This will however take a lot of CPU time, it will expand each part of the message and it will not provide any kind of integrity protection (but neither do known modes of operation such as CBC). So asymmetric encryption is not used for bulk encryption, it is only used for small messages where asymmetric encryption is required and the byte count needs to kept low.
Instead asymmetric algorithms (ciphers and key establishment schemes) are commonly used to encrypt or derive a symmetric key - such as a symmetric key for RC6 - which then can be used to encrypt the data itself. This is called a hybrid cryptosystem as it both relies on asymmetric and symmetric cryptography.
Can RC6 be used for encryption and decryption of files larger than 5 MB?
Not by itself. RC6 is a block cipher and can therefore only be used to encrypt blocks of data. RC6 has a block size of 128 bits. To encrypt data you will have to use a mode of operation. The amount of data that can be encrypted is then a function of the mode of operation and the block size. It also depends on the way the mode of operation is applied, especially how the IV is constructed. The amount of messages (files) that may be encrypted may also be restricted.
When used in a block cipher mode of operation, 5MB is a relatively small amount of data.
Is there any limitation for input size?
Yes. It can be calculated for specific modes of operation. There are certainly modes of operations such as GCM that have smaller limits then that you would expect for the block size. GCM has a limit of "just" 64 GiB of data. That's much larger than 5 MB, but it is much smaller than you would expect for a cipher such as AES or RC6 with a block size of 128 bits.
Counter mode (CTR mode), when used correctly on a single message, can be used to encrypt $2^{128}$ blocks of data, with each block containing 16 bytes. That's $10^{37}$ times all the data in the world. That means that this mode of operation has no practical limit for single messages (implementations may limit you to $2^{64}$ or even $2^{32}$ counter values / blocks in extreme cases).
With these kind of sizes you may expect that the amount of data to encrypt is generally not used to choose a specific mode of operation, especially not for 128 bit block ciphers: almost any mode of operation will provide higher limits than required. Other properties of the mode of operation are generally considered more important. GCM for instance provides authenticated encryption that protects the message against change, while CTR or CBC mode does not.
Is RC6 safe for using encryption or has it faced any attacks?
RC6 has not been broken. But it has not been selected to be AES either. That means that there has been less incentive to find attacks on it. As one of the AES finalists it certainly has been thoroughly examined though, and no attacks were found.
Finding good support for it, such as known good implementations or hardware implementations of it will be harder. This is especially true when it comes to authenticated modes. It could also mean that side channel attacks are more likely because of this. Generally we prefer just to use AES (Rijndael) for this reason - even though the AES algorithm may be more vulnerable in principle.
answered 15 hours ago
Maarten Bodewes
51.5k673188
RSA doesn't really have a limit on what can be encrypted. It is possible to encrypt many separate messages using RSA. Splitting an message into separate parts before encryption allows you to encrypt many parts of data without the risk of loosing confidentiality.
This will however take a lot of CPU time, it will expand each part of the message and it will not provide any kind of integrity protection (but neither do known modes of operation such as CBC). So asymmetric encryption is not used for bulk encryption, it is only used for small messages where asymmetric encryption is required and the byte count needs to kept low.
Instead asymmetric algorithms (ciphers and key establishment schemes) are commonly used to encrypt or derive a symmetric key - such as a symmetric key for RC6 - which then can be used to encrypt the data itself. This is called a hybrid cryptosystem as it both relies on asymmetric and symmetric cryptography.
Can RC6 be used for encryption and decryption of files larger than 5 MB?
Not by itself. RC6 is a block cipher and can therefore only be used to encrypt blocks of data. RC6 has a block size of 128 bits. To encrypt data you will have to use a mode of operation. The amount of data that can be encrypted is then a function of the mode of operation and the block size. It also depends on the way the mode of operation is applied, especially how the IV is constructed. The amount of messages (files) that may be encrypted may also be restricted.
When used in a block cipher mode of operation, 5MB is a relatively small amount of data.
Is there any limitation for input size?
Yes. It can be calculated for specific modes of operation. There are certainly modes of operations such as GCM that have smaller limits then that you would expect for the block size. GCM has a limit of "just" 64 GiB of data. That's much larger than 5 MB, but it is much smaller than you would expect for a cipher such as AES or RC6 with a block size of 128 bits.
Counter mode (CTR mode), when used correctly on a single message, can be used to encrypt $2^{128}$ blocks of data, with each block containing 16 bytes. That's $10^{37}$ times all the data in the world. That means that this mode of operation has no practical limit for single messages (implementations may limit you to $2^{64}$ or even $2^{32}$ counter values / blocks in extreme cases).
With these kind of sizes you may expect that the amount of data to encrypt is generally not used to choose a specific mode of operation, especially not for 128 bit block ciphers: almost any mode of operation will provide higher limits than required. Other properties of the mode of operation are generally considered more important. GCM for instance provides authenticated encryption that protects the message against change, while CTR or CBC mode does not.
Is RC6 safe for using encryption or has it faced any attacks?
RC6 has not been broken. But it has not been selected to be AES either. That means that there has been less incentive to find attacks on it. As one of the AES finalists it certainly has been thoroughly examined though, and no attacks were found.
Finding good support for it, such as known good implementations or hardware implementations of it will be harder. This is especially true when it comes to authenticated modes. It could also mean that side channel attacks are more likely because of this. Generally we prefer just to use AES (Rijndael) for this reason - even though the AES algorithm may be more vulnerable in principle.
answered 15 hours ago
Maarten Bodewes
51.5k673188
edited 1 hour ago
answered 15 hours ago
Maarten Bodewes
51.5k673188
answered 15 hours ago
Maarten Bodewes
51.5k673188
answered 15 hours ago
Maarten Bodewes
51.5k673188
51.5k673188
After $2^{128}$ the counter is set to $0$ in CTR. Is there a problem that one can continue?
– kelalaka
11 hours ago
Yes it turns into a many time pad.
– Maarten Bodewes
10 hours ago
It is better to be in the answer :)
– kelalaka
10 hours ago
I'll put it in the answer when somebody reaches $2^{127}$ blocks ;) This question is not about CTR mode, they can look it up on the site if required.
– Maarten Bodewes
9 hours ago
add a comment |
After $2^{128}$ the counter is set to $0$ in CTR. Is there a problem that one can continue?
– kelalaka
11 hours ago
Yes it turns into a many time pad.
– Maarten Bodewes
10 hours ago
It is better to be in the answer :)
– kelalaka
10 hours ago
I'll put it in the answer when somebody reaches $2^{127}$ blocks ;) This question is not about CTR mode, they can look it up on the site if required.
– Maarten Bodewes
9 hours ago
After $2^{128}$ the counter is set to $0$ in CTR. Is there a problem that one can continue?
– kelalaka
11 hours ago
After $2^{128}$ the counter is set to $0$ in CTR. Is there a problem that one can continue?
– kelalaka
11 hours ago
Yes it turns into a many time pad.
– Maarten Bodewes
10 hours ago
Yes it turns into a many time pad.
– Maarten Bodewes
10 hours ago
It is better to be in the answer :)
– kelalaka
10 hours ago
It is better to be in the answer :)
– kelalaka
10 hours ago
I'll put it in the answer when somebody reaches $2^{127}$ blocks ;) This question is not about CTR mode, they can look it up on the site if required.
– Maarten Bodewes
9 hours ago
I'll put it in the answer when somebody reaches $2^{127}$ blocks ;) This question is not about CTR mode, they can look it up on the site if required.
– Maarten Bodewes
9 hours ago
add a comment |
up vote
1
down vote
Usually you don't encrypt data / messages directly with RSA, rather you encrypt a symmetric key for future encryptions.
This has the advantage that it's more efficient to encrypt and decrypt data, because symmetric cryptography is faster than asymmetric cryptography.
Can RC6 be used for encrytion and decryption of files larger than 5 MB?
Yes.
Is there any limitation for input size?
When encrypting data with a symmetric block cipher, which uses blocks of n bits, some security concerns begin to appear when the amount of data encrypted with a single key comes close to $2^n/2$ blocks, i.e. $n*2^{n/2}$ bits.
This means that there is indeed a limit of data to encrypt but it's so large that it should never be a problem. AES-128 bit encryption for example can safely encrypt data of over 250 Million TB.
Is RC6 safe for using encryption or has it faced any attacks?
RC6 is considered to be safe.
answered 22 hours ago
AleksanderRas
1,2781222
1
I'm not sure how what Wikipedia stated is a problem. It just means that some NSA malware used RC6. It doesn't mean that RC6 is broken, just that they used it. If anything, it means they trust it (or that it's so obscure that antimalware programs are unlikely to recognize it).
– forest
22 hours ago
Thanks for the answer
– Anu Davis
21 hours ago
1
@forest Edited my answer.
– AleksanderRas
19 hours ago
@AnuDavis No need to say "thanks". That's what the forum is here for.
– AleksanderRas
19 hours ago
@ AleksanderRas ok
– Anu Davis
18 hours ago
|
show 1 more comment
up vote
1
down vote
Usually you don't encrypt data / messages directly with RSA, rather you encrypt a symmetric key for future encryptions.
This has the advantage that it's more efficient to encrypt and decrypt data, because symmetric cryptography is faster than asymmetric cryptography.
Can RC6 be used for encrytion and decryption of files larger than 5 MB?
Yes.
Is there any limitation for input size?
When encrypting data with a symmetric block cipher, which uses blocks of n bits, some security concerns begin to appear when the amount of data encrypted with a single key comes close to $2^n/2$ blocks, i.e. $n*2^{n/2}$ bits.
This means that there is indeed a limit of data to encrypt but it's so large that it should never be a problem. AES-128 bit encryption for example can safely encrypt data of over 250 Million TB.
Is RC6 safe for using encryption or has it faced any attacks?
RC6 is considered to be safe.
answered 22 hours ago
AleksanderRas
1,2781222
1
I'm not sure how what Wikipedia stated is a problem. It just means that some NSA malware used RC6. It doesn't mean that RC6 is broken, just that they used it. If anything, it means they trust it (or that it's so obscure that antimalware programs are unlikely to recognize it).
– forest
22 hours ago
Thanks for the answer
– Anu Davis
21 hours ago
1
@forest Edited my answer.
– AleksanderRas
19 hours ago
@AnuDavis No need to say "thanks". That's what the forum is here for.
– AleksanderRas
19 hours ago
@ AleksanderRas ok
– Anu Davis
18 hours ago
|
show 1 more comment
up vote
1
down vote
up vote
1
down vote
Usually you don't encrypt data / messages directly with RSA, rather you encrypt a symmetric key for future encryptions.
This has the advantage that it's more efficient to encrypt and decrypt data, because symmetric cryptography is faster than asymmetric cryptography.
Can RC6 be used for encrytion and decryption of files larger than 5 MB?
Yes.
Is there any limitation for input size?
When encrypting data with a symmetric block cipher, which uses blocks of n bits, some security concerns begin to appear when the amount of data encrypted with a single key comes close to $2^n/2$ blocks, i.e. $n*2^{n/2}$ bits.
This means that there is indeed a limit of data to encrypt but it's so large that it should never be a problem. AES-128 bit encryption for example can safely encrypt data of over 250 Million TB.
Is RC6 safe for using encryption or has it faced any attacks?
RC6 is considered to be safe.
answered 22 hours ago
AleksanderRas
1,2781222
Usually you don't encrypt data / messages directly with RSA, rather you encrypt a symmetric key for future encryptions.
This has the advantage that it's more efficient to encrypt and decrypt data, because symmetric cryptography is faster than asymmetric cryptography.
Can RC6 be used for encrytion and decryption of files larger than 5 MB?
Yes.
Is there any limitation for input size?
When encrypting data with a symmetric block cipher, which uses blocks of n bits, some security concerns begin to appear when the amount of data encrypted with a single key comes close to $2^n/2$ blocks, i.e. $n*2^{n/2}$ bits.
This means that there is indeed a limit of data to encrypt but it's so large that it should never be a problem. AES-128 bit encryption for example can safely encrypt data of over 250 Million TB.
Is RC6 safe for using encryption or has it faced any attacks?
RC6 is considered to be safe.
answered 22 hours ago
AleksanderRas
1,2781222
edited 19 hours ago
answered 22 hours ago
AleksanderRas
1,2781222
answered 22 hours ago
AleksanderRas
1,2781222
answered 22 hours ago
AleksanderRas
1,2781222
1,2781222
1
I'm not sure how what Wikipedia stated is a problem. It just means that some NSA malware used RC6. It doesn't mean that RC6 is broken, just that they used it. If anything, it means they trust it (or that it's so obscure that antimalware programs are unlikely to recognize it).
– forest
22 hours ago
Thanks for the answer
– Anu Davis
21 hours ago
1
@forest Edited my answer.
– AleksanderRas
19 hours ago
@AnuDavis No need to say "thanks". That's what the forum is here for.
– AleksanderRas
19 hours ago
@ AleksanderRas ok
– Anu Davis
18 hours ago
|
show 1 more comment
1
I'm not sure how what Wikipedia stated is a problem. It just means that some NSA malware used RC6. It doesn't mean that RC6 is broken, just that they used it. If anything, it means they trust it (or that it's so obscure that antimalware programs are unlikely to recognize it).
– forest
22 hours ago
Thanks for the answer
– Anu Davis
21 hours ago
1
@forest Edited my answer.
– AleksanderRas
19 hours ago
@AnuDavis No need to say "thanks". That's what the forum is here for.
– AleksanderRas
19 hours ago
@ AleksanderRas ok
– Anu Davis
18 hours ago
1
1
I'm not sure how what Wikipedia stated is a problem. It just means that some NSA malware used RC6. It doesn't mean that RC6 is broken, just that they used it. If anything, it means they trust it (or that it's so obscure that antimalware programs are unlikely to recognize it).
– forest
22 hours ago
I'm not sure how what Wikipedia stated is a problem. It just means that some NSA malware used RC6. It doesn't mean that RC6 is broken, just that they used it. If anything, it means they trust it (or that it's so obscure that antimalware programs are unlikely to recognize it).
– forest
22 hours ago
Thanks for the answer
– Anu Davis
21 hours ago
Thanks for the answer
– Anu Davis
21 hours ago
1
1
@forest Edited my answer.
– AleksanderRas
19 hours ago
@forest Edited my answer.
– AleksanderRas
19 hours ago
@AnuDavis No need to say "thanks". That's what the forum is here for.
– AleksanderRas
19 hours ago
@AnuDavis No need to say "thanks". That's what the forum is here for.
– AleksanderRas
19 hours ago
@ AleksanderRas ok
– Anu Davis
18 hours ago
@ AleksanderRas ok
– Anu Davis
18 hours ago
|
show 1 more comment
Anu Davis is a new contributor. Be nice, and check out our Code of Conduct.
Anu Davis is a new contributor. Be nice, and check out our Code of Conduct.
Anu Davis is a new contributor. Be nice, and check out our Code of Conduct.
Anu Davis is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64215%2finput-limitations-on-the-rc6-cipher%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
