Paul Koning wrote:
> I don't suppose it's ideal, but that sounds like a chosen plaintext
> attack, which is something that good cryptosystems should be able to
> cope with.
>
> Apart from that, the explicit IV RFC has the same property: it
> describes chaining from one block to the next as a "common practice"
> (RFC 2451, top of page 8). There isn't any assumption that IVs are
> unpredictable -- the preceding packet will tell you what it will be in
> implementations that use that "common practice". What is required is
> avoiding low Hamming distance, which chaining will do (as will the use
> of a separate random IV per packet).

I realize that it is common practice; however, this practice opens you up to a chosen plaintext attack. I admit that this is unlikely, but since it can be avoided by choosing a random IV or one that is unpredictable... why not?

Philip

--
Philip Gladstone +1 781 530 2461
Axent Technologies, Waltham, MA
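The chosen-plaintext attack Philip is referring to, worked through as an added example (not code from the thread or from any ESP implementation). It models the RFC 2451 "common practice" of using the last ciphertext block of one packet as the IV of the next, and shows why a predictable IV lets an attacker test guesses of an earlier plaintext block: with C[i] = E(P[i] XOR C[i-1]), the attacker submits P* = guess XOR C[i-1] XOR next_iv and checks whether the resulting first block equals C[i]. Assumptions: the block cipher is a 4-round Feistel network keyed with HMAC-SHA256 (a Luby-Rackoff stand-in for AES/3DES, used so the file runs on the standard library alone; the attack does not depend on the cipher), the `Sender` class and its chain_ivs flag are hypothetical, and the secret block and candidate list are constructed.

```python
"""Chosen-plaintext probe against CBC when the next IV is predictable.

Constructed example. The block cipher is a 4-round Feistel network with
HMAC-SHA256 as round function (a Luby-Rackoff PRP), used as a stand-in for
AES/3DES so the file runs on the standard library alone. Nothing in the
attack depends on which cipher is used, only on CBC plus a predictable IV.
"""
import hashlib
import hmac
import os

BLOCK = 16  # cipher block size in bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Keyed permutation on one 16-byte block (stand-in for AES)."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:BLOCK // 2]
        left, right = right, _xor(left, f)   # Feistel round: always invertible
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Textbook CBC: C[i] = E(P[i] XOR C[i-1]), with C[-1] = IV."""
    assert len(plaintext) % BLOCK == 0
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


class Sender:
    """Hypothetical packet encryptor: one packet per call, returning
    (iv, ciphertext) as an explicit-IV packet would carry them on the wire."""

    def __init__(self, key: bytes, chain_ivs: bool):
        self.key = key
        self.chain_ivs = chain_ivs          # True = RFC 2451 "common practice"
        self.next_iv = os.urandom(BLOCK)    # the very first IV is random either way

    def send(self, plaintext: bytes):
        iv = self.next_iv if self.chain_ivs else os.urandom(BLOCK)
        ct = cbc_encrypt(self.key, iv, plaintext)
        self.next_iv = ct[-BLOCK:]          # chaining: next IV = last ciphertext block
        return iv, ct


def probe_block(sender: Sender, iv: bytes, ct: bytes, idx: int,
                predicted_next_iv: bytes, candidates):
    """Attacker's chosen-plaintext test of block `idx` in an observed packet.

    Submitting P* = guess XOR prev XOR next_iv makes the sender emit
    E(guess XOR prev) as the first block of the next packet, which equals
    C[idx] exactly when guess == P[idx] (E is a permutation, so no false
    positives). Returns the matching candidate, or None."""
    prev = iv if idx == 0 else ct[(idx - 1) * BLOCK: idx * BLOCK]
    target = ct[idx * BLOCK:(idx + 1) * BLOCK]
    for guess in candidates:
        probe = _xor(_xor(guess, prev), predicted_next_iv)
        _, probe_ct = sender.send(probe)
        if probe_ct[:BLOCK] == target:
            return guess
        # the chaining value advances with every packet; follow it the way
        # a chaining sender does (meaningless, and harmless, for random IVs)
        predicted_next_iv = probe_ct[-BLOCK:]
    return None


def run_attack(chain_ivs: bool, key: bytes = b"k" * 32):
    """Victim sends one secret block; attacker then probes a candidate list.
    Returns the recovered block, or None when the IV could not be predicted."""
    sender = Sender(key, chain_ivs)
    secret = b"PIN=4917;acct=01"                    # 16 bytes, constructed
    iv, ct = sender.send(secret)                    # attacker observes both
    predicted = ct[-BLOCK:]                         # chaining rule: next IV
    candidates = [b"PIN=%04d;acct=01" % n for n in range(4900, 4950)]
    return probe_block(sender, iv, ct, 0, predicted, candidates)


if __name__ == "__main__":
    print("chained IVs:", run_attack(True))    # secret block recovered
    print("random IVs: ", run_attack(False))   # None: probe cannot be aimed
```

Against the chaining sender the attacker knows the IV before choosing the probe, so each submitted packet confirms or refutes one guess at the cost of one encryption, and a low-entropy field (a PIN, a password, a short identifier) falls to a dictionary. With a fresh random IV per packet the same probe is sent blind and matches only if the random IV happens to equal the attacker's prediction (probability 2^-128 per try), which is the whole of Philip's point: the attacker's advantage is exactly the predictability of the IV, and nothing else about the chaining construction.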