More info in my AES128-CBC question
Nicolas Williams
Nicolas.Williams at sun.com
Thu Apr 26 09:33:59 EDT 2007
On Wed, Apr 25, 2007 at 10:58:01PM -0500, Travis H. wrote:
> On Wed, Apr 25, 2007 at 05:42:44PM -0500, Nicolas Williams wrote:
> > A confounder is an extra block of random plaintext that is prepended to
> > a message prior to encryption with a block cipher in CBC (or CTS) mode;
> > the resulting extra block of ciphertext must also be sent to the peer.
>
> Not true. Since we are comparing confounders to IVs, let's make identical
> assumptions; that the value is somehow agreed upon in advance.
The term "confounder" as used in Kerberos V is as I described.
> > If the
> > IV chained across continguous messages as in SSHv2 then you have a
> > problem (see above).
>
> I don't fully understand what it means to have IVs chained across
> contiguous (?) messages, as in CBC mode each ciphertext block forms
> the "IV" of the block after it, effectively; basically an IV is just
> C_0 for some stream.
The last ciphertext block of one message is the IV for the next.
Nico
--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
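Worked illustration of the two constructions the thread contrasts, added here as an example that is not part of the original message: a Kerberos-style confounder (one random plaintext block prepended before CBC encryption, with the extra ciphertext block sent along) versus SSHv2-style IV chaining (the last ciphertext block of one message becomes the IV of the next). The block cipher is a small keyed Feistel network built on SHA-256, an assumed stand-in for AES so the example runs with the standard library only; KEY and IV are constructed values. The point shown is that a chained IV is already visible on the wire before the next message is encrypted, whereas a fresh confounder makes repeated messages encrypt differently even under a fixed IV.

```python
import hashlib
import os

BLOCK = 16   # 128-bit blocks, as with the AES128-CBC in the thread
ROUNDS = 8
KEY = b"constructed-key!"   # constructed 16-byte key, for illustration only
IV = bytes(BLOCK)           # constructed fixed IV (all zero)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function of the toy Feistel cipher (assumption: stand-in for AES, not secure).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Plain CBC: each plaintext block is XORed with the previous ciphertext block (IV first).
    assert len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def confounded_encrypt(key: bytes, iv: bytes, message: bytes, confounder: bytes = None) -> bytes:
    # Confounder as described in the thread: a random plaintext block prepended before CBC;
    # the ciphertext is one block longer and that extra block goes to the peer.
    if confounder is None:
        confounder = os.urandom(BLOCK)
    return cbc_encrypt(key, iv, confounder + message)


def confounded_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # The receiver decrypts everything and discards the first (confounder) block.
    return cbc_decrypt(key, iv, ciphertext)[BLOCK:]


class ChainedCbcSender:
    """SSHv2-style chaining: the last ciphertext block of one message is the IV of the next."""

    def __init__(self, key: bytes, iv: bytes):
        self.key, self.iv = key, iv

    def send(self, message: bytes) -> bytes:
        ct = cbc_encrypt(self.key, self.iv, message)
        self.iv = ct[-BLOCK:]
        return ct


def chained_iv_is_observable(key: bytes = KEY, iv: bytes = IV) -> bool:
    # After one message is on the wire, the IV for the next message is public.
    sender = ChainedCbcSender(key, iv)
    first = sender.send(b"A" * 32)
    return sender.iv == first[-BLOCK:]


def confounder_hides_repeats(key: bytes = KEY, iv: bytes = IV):
    # Same message under a fixed IV: plain CBC repeats the ciphertext, a confounder does not.
    msg = b"transfer 100.00 to account 00042"   # constructed 32-byte message
    repeats = cbc_encrypt(key, iv, msg) == cbc_encrypt(key, iv, msg)
    c1 = confounded_encrypt(key, iv, msg)
    c2 = confounded_encrypt(key, iv, msg)
    hidden = (c1 != c2
              and confounded_decrypt(key, iv, c1) == msg
              and confounded_decrypt(key, iv, c2) == msg)
    return repeats, hidden


if __name__ == "__main__":
    print("chained IV known before next message:", chained_iv_is_observable())
    print("(plain CBC repeats, confounder hides):", confounder_hides_repeats())
```

The confounder costs one extra block per message on the wire, which is exactly the trade the thread notes; in exchange the first ciphertext block is fresh regardless of how the IV was agreed.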