On Thu, Mar 03, 2005 at 10:45:34PM +0100, Poul-Henning Kamp wrote: > > Since the attacker know the block number the IV generation doesn't > add strength. > > In fact expose any weakness in the algorithm even more because it > offers two-way leverage on the algorithm. > > It also adds a very efficient hit-detector for a brute force attack. > > It would have been much better to use a different key to generate the IV. > > And did he salt the block number at all ? I don't think so...
I think there's a misunderstanding here. Why do you think secrecy (unpredictability?) is an important property of an IV for a block cipher used in CBC mode? It's not an encryption key, it's an IV. It just has to have a large Hamming difference from any _other_ IV used with the same cipher key. -- Thor Lancelot Simon [EMAIL PROTECTED] "The inconsistency is startling, though admittedly, if consistency is to be abandoned or transcended, there is no problem." - Noam Chomsky _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
