More info in my AES128-CBC question
Travis H.
travis+ml-cryptography at subspacefield.org
Wed Apr 25 23:58:01 EDT 2007
On Wed, Apr 25, 2007 at 05:42:44PM -0500, Nicolas Williams wrote:
> A confounder is an extra block of random plaintext that is prepended to
> a message prior to encryption with a block cipher in CBC (or CTS) mode;
> the resulting extra block of ciphertext must also be sent to the peer.
Not true. Since we are comparing confounders to IVs, let's make identical
assumptions: that the value is somehow agreed upon in advance.
Then, one need not send it; the receiver can compute C_(i-1) = E_k(confounder)
without actually having it sent to him, and from there
continue decryption with P_i = C_(i-1) xor D_k(C_i) and so on.
> If the
> IV chained across contiguous messages as in SSHv2 then you have a
> problem (see above).
I don't fully understand what it means to have IVs chained across
contiguous (?) messages, as in CBC mode each ciphertext block forms
the "IV" of the block after it, effectively; basically an IV is just
C_0 for some stream.
--
Kill dash nine, and it's no more CPU time, kill dash nine, and that
process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email john at subspacefield.org.
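Added example (not part of either correspondent's mail): a small CBC implementation that makes the three notions in the exchange concrete. It shows P_i = C_(i-1) xor D_k(C_i) as written above, the confounder form (prepend a random block, encrypt under a fixed zero IV), the point that a receiver who already knows the confounder can compute C_0 = E_k(confounder) and decrypt the rest without being sent it, the observation that the confounder is therefore just an IV in disguise, and what "IV chained across contiguous messages" means: the last ciphertext block of message n serves as the IV of message n+1, so the sequence of messages is one long CBC stream and that IV is already on the wire before message n+1 is composed. The block cipher is a constructed stand-in (a 4-round Feistel network over 16-byte blocks with an HMAC-SHA256 round function) so the script runs on the standard library alone; the key, messages and function names are all assumptions for this example, and any real deployment would use AES or another standard cipher.

```python
"""Constructed example: CBC with an IV, with a confounder, and with IVs
chained across messages.  Block cipher is a stand-in, not AES."""
import hmac
import hashlib
import os

BLOCK = 16
HALF = BLOCK // 2
ZERO_IV = bytes(BLOCK)


def _round(key: bytes, rnd: int, data: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([rnd]) + data, hashlib.sha256).digest()[:HALF]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """E_k: a one-block keyed permutation (4-round Feistel, stand-in for AES)."""
    left, right = block[:HALF], block[HALF:]
    for rnd in range(4):
        left, right = right, xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """D_k: the inverse permutation (same rounds, reverse order)."""
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _round(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Plain CBC over whole blocks: C_0 = IV, C_i = E_k(P_i xor C_(i-1))."""
    assert len(plaintext) % BLOCK == 0, "whole blocks only (no padding here)"
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = C_(i-1) xor D_k(C_i), exactly the recurrence in the mail."""
    assert len(ciphertext) % BLOCK == 0, "whole blocks only"
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(xor(block_decrypt(key, cur), prev))
        prev = cur
    return b"".join(out)


def confounded_encrypt(key: bytes, confounder: bytes, plaintext: bytes) -> bytes:
    """Confounder form: prepend a random block and run CBC under a fixed
    zero IV.  The sender that does not share the confounder in advance
    must transmit every block, including C_0 = E_k(confounder)."""
    return cbc_encrypt(key, ZERO_IV, confounder + plaintext)


def confounded_decrypt_without_c0(key: bytes, confounder: bytes, tail: bytes) -> bytes:
    """Receiver that already knows the confounder: compute C_0 itself and
    decrypt only the blocks that follow it."""
    c0 = block_encrypt(key, xor(confounder, ZERO_IV))
    return cbc_decrypt(key, c0, tail)


def iv_from_confounder(key: bytes, confounder: bytes) -> bytes:
    """A confounder is an IV in disguise: IV = E_k(confounder) on the bare
    message yields the same ciphertext blocks as the confounded form."""
    return block_encrypt(key, confounder)


def chained_encrypt(key: bytes, iv: bytes, messages: list) -> list:
    """'IV chained across contiguous messages': the last ciphertext block of
    message n becomes the IV of message n+1, so the whole session is one
    long CBC stream and each message's IV is known before it is written."""
    out, prev = [], iv
    for m in messages:
        c = cbc_encrypt(key, prev, m)
        out.append(c)
        prev = c[-BLOCK:]
    return out


if __name__ == "__main__":
    key = b"constructed-demo-key-not-secret!"       # assumption: 32-byte demo key
    msg = b"attack at dawn--" + b"bring the coffee"  # two constructed whole blocks
    conf = os.urandom(BLOCK)                          # confounder agreed out of band
    ct = confounded_encrypt(key, conf, msg)
    assert confounded_decrypt_without_c0(key, conf, ct[BLOCK:]) == msg
    assert cbc_encrypt(key, iv_from_confounder(key, conf), msg) == ct[BLOCK:]
    print("confounder and IV forms agree; receiver never needed C_0")
```

The two assertions in the `__main__` block are the substance of the reply: once the confounder is pre-agreed, dropping C_0 from the wire costs the receiver nothing, and the ciphertext that remains is byte-for-byte what an explicit IV of E_k(confounder) would have produced. The chained form is only there to give "chained across contiguous messages" a precise meaning; it changes nothing about the recurrence, only about who knows each message's IV and when.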