More info in my AES128-CBC question
Aram Perez
aramperez at mac.com
Fri Apr 20 01:32:58 EDT 2007
Hi Folks,
First, thanks for all your answers.
The proposal for using AES128-CBC with a fixed IV of all zeros is for a protocol between two entities that will be exchanging messages. This is being done in a "standards" body (OMA) and many of the attendees have very little security experience. As I mentioned, the response to my question of why would we standardize this was "that's how SD cards do it".
I'll look at the references and hopefully convince enough people that it's a bad idea.
Thanks again,
Aram Perez
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list