More info in my AES128-CBC question
Leichter, Jerry
leichter_jerrold at emc.com
Wed Apr 25 09:27:06 EDT 2007
| > Suppose we use AES128-CBC with a fixed IV. It's clear that the only
| > vulnerability of concern occurs when a key is reused. OK, where do
|
| No, remember that if the IV is in the clear, an attacker can
| make some controlled bit changes in the first plaintext block.
| (There has been no assumption of integrity enforcement.)
|
| I wonder how Adam Perez is communicating the IV.
In the original proposal, the IV was *fixed*: It was always 0. As a
result, it wasn't communicated, so could not be manipulated.
Integrity enforcement is required for other reasons anyway (and, based
on later responses, was always part of the protocol).
-- Jerry
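A worked illustration of the two points in this exchange, added here as an example (not code from the thread or its participants): with the IV sent in the clear, CBC decryption computes P1 = D(C1) XOR IV, so a change to the IV lands bit-for-bit in the first plaintext block while later blocks are untouched, and an encrypt-then-MAC tag over IV||ciphertext rejects the modified message, which is the integrity enforcement Jerry refers to. The last check shows what a fixed all-zero IV implies under key reuse: two messages that share a first plaintext block share a first ciphertext block. The block cipher is a constructed 4-round Feistel toy standing in for AES (the CBC structure does not depend on the cipher); keys and messages are constructed, not from the page.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit blocks, as with AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Hash-based Feistel round function (constructed; not a real cipher component).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Constructed 4-round Feistel stand-in for AES. Only its invertibility matters here.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # C_i = E(P_i XOR C_{i-1}), with C_0 = IV. Padding is omitted; input is block-aligned.
    assert len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # P_i = D(C_i) XOR C_{i-1}: the IV feeds only the first block.
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_block_decrypt(key, block), prev))
        prev = block
    return b"".join(out)


def mac_tag(mac_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers the IV as well as the ciphertext.
    return hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()


def mac_verify(mac_key: bytes, iv: bytes, ciphertext: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(mac_key, iv, ciphertext), tag)


def demonstrate() -> dict:
    enc_key = b"constructed-enc-key"   # constructed sample key
    mac_key = b"constructed-mac-key"   # constructed sample key
    plaintext = b"amount=00100.00;" + b"to=alice-account"  # two constructed blocks

    # Case 1: IV transmitted in the clear, then altered in transit (one bit of byte 0).
    iv = bytes(range(BLOCK))
    ct = cbc_encrypt(enc_key, iv, plaintext)
    tag = mac_tag(mac_key, iv, ct)
    altered_iv = _xor(iv, b"\x01" + bytes(BLOCK - 1))
    altered_pt = cbc_decrypt(enc_key, altered_iv, ct)

    # Case 2: fixed all-zero IV reused under the same key for two related messages.
    zero_iv = bytes(BLOCK)
    ct_a = cbc_encrypt(enc_key, zero_iv, plaintext)
    ct_b = cbc_encrypt(enc_key, zero_iv, plaintext[:BLOCK] + b"to=bob-account!!")

    return {
        "roundtrip_ok": cbc_decrypt(enc_key, iv, ct) == plaintext,
        # The IV change maps exactly onto the first plaintext block.
        "first_block_delta": _xor(altered_pt[:BLOCK], plaintext[:BLOCK]),
        "second_block_intact": altered_pt[BLOCK:] == plaintext[BLOCK:],
        # Integrity enforcement catches the altered IV before decryption is trusted.
        "mac_rejects_altered_iv": not mac_verify(mac_key, altered_iv, ct, tag),
        "mac_accepts_original": mac_verify(mac_key, iv, ct, tag),
        # Fixed IV + key reuse: identical first plaintext block -> identical first ciphertext block.
        "fixed_iv_shared_first_block": ct_a[:BLOCK] == ct_b[:BLOCK],
        "fixed_iv_later_blocks_differ": ct_a[BLOCK:] != ct_b[BLOCK:],
    }


if __name__ == "__main__":
    for name, value in demonstrate().items():
        print(f"{name}: {value!r}")
```

The receiver's rule that follows from this is to verify the tag over IV||ciphertext first and only then decrypt; a fixed IV removes the malleable field but, as the second case shows, still leaks equality of leading blocks whenever a key is reused.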
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com