Posted by Tim on Dec 30

Hi Erik,

Thanks for backing me up on a number of things. Only one response below.

The site you linked mentioned 64bit block ciphers are vulnerable, even
in CTR mode. Obviously the birthday “paradox” applies. Regardless of
how right or wrong you are about Sweet32, this far from the most
important thing *implementors* should be worried about. Obviously if
they start with AES, then the birthday paradox issues are vastly
reduced. Any…