RE: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-23 Thread Edward Ned Harvey
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of MauMau > > But folks here gave me suggestions that different IVs should be used for > each 4KB block. I think I should do that, and I'd like to follow that > precious advice. > > (However, I'm wonde

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-23 Thread MauMau
From: I believe this will reuse the same IV for block2 that it uses for block1. It will appear to work but is a really bad idea and will lead to major security problems. From: "Jeffrey Walton" You should have a look at Microsoft's paper by Niels Ferguson on Bitlocker's design and implementat

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-23 Thread Matt Caswell (fr...@baggins.org)
On 23 April 2012 13:16, MauMau wrote: > /* encrypt first block */ > EVP_EncryptUpdate(&enc_ctx, block1, &outlen, block1, 4096); > /* encrypt second block */ > EVP_EncryptInit_ex(&enc_ctx, NULL, NULL, NULL, NULL); > EVP_EncryptUpdate(&enc_ctx, block2, &outlen, block2, 4096); I believe this will r

Re: Any OpenSSL update when FIPS object module v2.0 is released?

2012-04-23 Thread Steve Marquess
On 04/23/2012 09:17 AM, Kevin Fowler wrote: > When the validation is obtained for FIPS Object Module v2.0, and that > version is officially released, will there also be an update to OpenSSL? > Or are those two now independent as long as v1.0.1 is used with the FIPS > module? The new OpenSSL FIPS

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-23 Thread Jeffrey Walton
On Mon, Apr 23, 2012 at 8:16 AM, MauMau wrote: > Hello, > > > Thanks a lot for your valuable advice. I'm looking into the CBC with IVs > based on block numbers, CTR, and XTS. I'm referring to the pages below: > > Block cipher modes of operation > http://en.wikipedia.org/wiki/Block_cipher_mode > > D

Any OpenSSL update when FIPS object module v2.0 is released?

2012-04-23 Thread Kevin Fowler
When the validation is obtained for FIPS Object Module v2.0, and that version is officially released, will there also be an update to OpenSSL? Or are those two now independent as long as v1.0.1 is used with the FIPS module? Thanks, Kevin

RE: Making AES-CCM available as a TLS-negotiated cipher suite

2012-04-23 Thread Muschick, Paul
Thanks for the additional information, Jeff. I'd really like to go with GCM, but the ZigBee IP spec requires CCM. Regards, Paul -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Saturday, April 21, 2012 7

Re: OpenSSL 1.0.1a tarball checksums

2012-04-23 Thread Francois Claire
Dear Mounir, I used wget to download the file to be sure the tarball is received compressed. However you're right, the file has been uncompressed and still saved as openssl-1.0.1a.tar.gz. There must be some transparent proxy or CDN in the path between my computer and the openssl.org web

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-23 Thread MauMau
Hello, Thanks a lot for your valuable advice. I'm looking into the CBC with IVs based on block numbers, CTR, and XTS. I'm referring to the pages below: Block cipher modes of operation http://en.wikipedia.org/wiki/Block_cipher_mode Disk encryption theory http://en.wikipedia.org/wiki/Disk_encry