Talk:Ciphertext stealing

Untitled
It isn't clear to me what is meant by "in place encrypt", so I'm reverting to the (mostly) prior text. Also, I think that removing note that Meyer describes an incompatible scheme is important. Efnar (talk) 22:29, 19 March 2008 (UTC)

Clarity
For me, the first paragraph under General Characteristics was really confusing (as of 11:35 AM GMT 16 FEB 2011).

Perhaps it would be more clear if it were more to the point. "Ordinarily, plaintext padding is used to make P divisible by block size. Ciphertext stealing uses a previous block's cipertext output for padding of the final block. Since this ciphertext will be recovered upon decryption of the final block, it can be removed from transmission of the next to last block." —Preceding unsigned comment added by 204.87.16.4 (talk) 11:55, 16 February 2011 (UTC)

needs updating for latest discoveries
This page evidently badly needs updating in the light of

The Security of Ciphertext Stealing. Phillip Rogaway, Mark Wooding, and Haibin Zhang. FSE 2012, LNCS 7549, pages 180-195, 2012.

http://csiflabs.cs.ucdavis.edu/~hbzhang/steal.pdf

which claims the Meyer and Matyas mode is insecure and should not be used.

86.133.125.132 (talk) 12:26, 1 April 2013 (UTC)

CBC ciphertext stealing encryption using a standard CBC interface
This section self-evidently does not make sense. If you truncate a block of cipher text you will never be able to decrypt it. — Preceding unsigned comment added by 86.142.231.35 (talk) 08:28, 3 April 2013 (UTC)
 * This section describes the mode CBC-CS3 proposed by NIST. Ciphertext can be decrypted as described in the article. According to the paper by Rogaway, Wooding and Zhang cited above CBC-CS3 makes a lot more sense than the remainder of the wikipedia article. 83.77.189.6 (talk) 17:49, 3 April 2013 (UTC)