Re: pf_key comments
Hilarie Orman says:
>>> Does the IV have to be *unpredictably* different, or just different?
>>
>> Just different.
>
> Phil Rogaway has pointed out that if the IV and the first data block are
> both changing so as to cause their xor to be constant, the purpose of
> the IV is defeated.
Cute!
> I don't know if this has ever been observed in practice, but it
> is something to keep in mind (I suppose someone now will try to design
> this into a protocol as some kind of optimization!).
(:-)
Considering that the IV has nothing to do with the data block, I'd
say the chance of seeing this in practice is nil.
Could anybody comment on this? Was/is there ever a case when the IV
was somehow data-dependent?
Oh, and when you use the last ciphertext from the last message
as the IV for the next message, due to the ciphertext properties
of any semi-decent cipher this should be a non-issue. Correct?
--
Regards,
Uri uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>
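Added example (not part of the original thread or of any poster's code): CBC's first ciphertext block is E_k(IV xor P1), so the Rogaway observation quoted above is a direct consequence of the mode's structure. The block function is a labelled stand-in (keyed HMAC-SHA256 truncated to 16 bytes), not a real cipher; the counter-based IVs, the constant 0x5a block and the key are constructed for the demonstration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes

def block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k, NOT a real block cipher: keyed HMAC-SHA256 cut to
    one block. Only its determinism in (key, block) matters here."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> list[bytes]:
    """CBC over whole blocks: C_i = E_k(P_i xor C_{i-1}), with C_0 = IV."""
    assert len(plaintext) % BLOCK == 0
    prev, blocks = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = block_fn(key, xor(plaintext[i:i + BLOCK], prev))
        blocks.append(prev)
    return blocks

def first_block_is_constant(key: bytes, ivs: list, firsts: list) -> bool:
    """True iff every (IV, P1) pair yields the same first ciphertext block."""
    c1s = {cbc_encrypt(key, iv, p1)[0] for iv, p1 in zip(ivs, firsts)}
    return len(c1s) == 1

def rogaway_case(key: bytes, n: int = 8) -> bool:
    """Constructed instance of the observation: the IV is a counter and the
    first data block happens to move with it, so IV xor P1 is the same
    constant for every message. All IVs differ, all P1s differ, yet C1 is
    identical across messages: the IV has not randomised anything."""
    const = b"\x5a" * BLOCK
    ivs = [i.to_bytes(BLOCK, "big") for i in range(n)]
    firsts = [xor(iv, const) for iv in ivs]
    return first_block_is_constant(key, ivs, firsts)

def random_iv_case(key: bytes, n: int = 8) -> bool:
    """Same first data blocks as rogaway_case, but with fresh random IVs:
    IV xor P1 now differs for every message, and so does C1."""
    const = b"\x5a" * BLOCK
    firsts = [xor(i.to_bytes(BLOCK, "big"), const) for i in range(n)]
    ivs = [os.urandom(BLOCK) for _ in range(n)]
    return first_block_is_constant(key, ivs, firsts)

def chained_iv(key: bytes, iv: bytes, previous_msg: bytes) -> bytes:
    """'Last ciphertext block as next IV' from the mail above: different per
    message, but already on the wire before the next message is chosen."""
    return cbc_encrypt(key, iv, previous_msg)[-1]
```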