More info in my AES128-CBC question

Steven M. Bellovin smb at cs.columbia.edu
Fri Apr 20 12:02:15 EDT 2007


On Thu, 19 Apr 2007 22:32:58 -0700
Aram Perez <aramperez at mac.com> wrote:

> Hi Folks,
> 
> First, thanks for all your answers.
> 
> The proposal for using AES128-CBC with a fixed IV of all zeros is for
> a protocol between two entities that will be exchanging messages.
> This is being done in a "standards" body (OMA) and many of the
> attendees have very little security experience. As I mentioned, the
> response to my question of why would we standardize this was "that's
> how SD cards do it".
> 
> I'll look at the references and hopefully convince enough people that
> it's a bad idea.
> 
Let me make a stronger statement.  If the standards group has "very
little security experience", they *will* get many things wrong.  They
desperately need to get several clueful individuals involved and
*listen* to them.

The WEP group made that mistake.  I use WEP in my classes as a case
study in how to do crypto wrong.



		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
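
What the fixed all-zero IV in the quoted proposal exposes, shown as an added example that is not part of the original message: under one key, CBC with a repeated IV is deterministic, so two messages that begin with the same blocks produce ciphertexts that begin with the same blocks. The block cipher here is a hash-based stand-in for AES (an assumption, so the script needs only the standard library); the effect comes from the CBC mode, not the cipher. All names and sample messages are constructed.

```python
import hashlib
import secrets

BLOCK = 16  # bytes, the AES block size

def encrypt_block(key: bytes, block: bytes) -> bytes:
    # Stand-in 128-bit block cipher: 4-round Feistel over SHA-256. NOT AES.
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    n = BLOCK - len(msg) % BLOCK
    padded = msg + bytes([n]) * n              # PKCS#7 padding
    prev, out = iv, []
    for off in range(0, len(padded), BLOCK):
        x = bytes(a ^ b for a, b in zip(padded[off:off + BLOCK], prev))
        prev = encrypt_block(key, x)           # chaining value for next block
        out.append(prev)
    return b"".join(out)

def shared_prefix_blocks(c1: bytes, c2: bytes) -> int:
    # Number of leading ciphertext blocks that are byte-for-byte identical.
    count = 0
    for off in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[off:off + BLOCK] != c2[off:off + BLOCK]:
            break
        count += 1
    return count

KEY = secrets.token_bytes(16)
ZERO_IV = bytes(BLOCK)                         # the proposed fixed IV
# Constructed sample messages: identical 32-byte header, different bodies.
M1 = b"TO:alice;TYPE:balance-request;;;" + b"account=1111"
M2 = b"TO:alice;TYPE:balance-request;;;" + b"account=2222"

def fixed_iv_leak() -> int:
    return shared_prefix_blocks(cbc_encrypt(KEY, ZERO_IV, M1),
                                cbc_encrypt(KEY, ZERO_IV, M2))

def random_iv_leak() -> int:
    # A fresh unpredictable IV per message (it would be sent with the ciphertext).
    return shared_prefix_blocks(cbc_encrypt(KEY, secrets.token_bytes(BLOCK), M1),
                                cbc_encrypt(KEY, secrets.token_bytes(BLOCK), M2))

if __name__ == "__main__":
    print("fixed zero IV, identical leading blocks:", fixed_iv_leak())
    print("random IVs,    identical leading blocks:", random_iv_leak())
```

An observer who sees only ciphertext learns from the fixed-IV case that the two messages share their first 32 bytes, and that a resent message is a repeat.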


