More info in my AES128-CBC question

Travis H. travis+ml-cryptography at subspacefield.org
Wed May 9 19:00:47 EDT 2007


On Wed, May 09, 2007 at 06:04:20PM -0400, Leichter, Jerry wrote:
> However, cryptographically secure RNG's are typically just as expensive
> as doing a block encryption.  So why not just encrypt the IV once with
> the session key before using it?  (This is the equivalent of pre-pending
> a block of all 0's to each packet.)

There are many ways to deal with it if you're willing to do more crypts
per block.  For example, you could derive an independent key and use
that to encrypt a counter for IVs... becoming a cryptographically
strong permutation... that'd work as long as you didn't send so many
IVs that you ran through most of the cycle (the last value in the
cycle is 100% predictable).

-- 
Kill dash nine, and it's no more CPU time, kill dash nine, and that
process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email john at subspacefield.org.
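As an added illustration (not code from either poster), the scheme Travis describes and the alternative Jerry quotes, in Go using only the standard library: CBC IVs are produced by AES-encrypting a counter under a key separate from the session key, so the IVs form a permutation that never repeats until the counter cycles, and a budget check stops the sender long before the tail of the cycle where the remaining values become predictable. The derivation of the IV key from the session key via a labelled SHA-256 is a simplistic stand-in for a proper KDF, and the key, budget and payload are constructed for the demo. `EncryptedIV` shows Jerry's variant and the equivalence he notes: encrypting the IV once under the session key is the same as CBC-encrypting a prepended all-zero block.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// IVGenerator yields CBC IVs by encrypting a counter under an IV key that is
// independent of the session key. AES is a permutation on 16-byte blocks, so
// outputs are distinct until the counter wraps and unpredictable without the key.
type IVGenerator struct {
	block   cipher.Block
	counter uint64
	budget  uint64 // constructed limit: refuse to run the counter near the end of its cycle
}

// deriveIVKey is an assumed stand-in for a real KDF: hash the session key with a
// fixed label so the IV key is not the session key itself.
func deriveIVKey(sessionKey []byte) []byte {
	h := sha256.Sum256(append([]byte("cbc-iv-key:"), sessionKey...))
	return h[:16]
}

func NewIVGenerator(sessionKey []byte, budget uint64) (*IVGenerator, error) {
	block, err := aes.NewCipher(deriveIVKey(sessionKey))
	if err != nil {
		return nil, err
	}
	return &IVGenerator{block: block, budget: budget}, nil
}

// Next returns the next IV, or an error once the budget is spent (rekey instead).
func (g *IVGenerator) Next() ([]byte, error) {
	if g.counter >= g.budget {
		return nil, errors.New("IV counter budget exhausted; rekey before continuing")
	}
	var ctr [aes.BlockSize]byte
	binary.BigEndian.PutUint64(ctr[8:], g.counter) // counter in the low 8 bytes
	g.counter++
	iv := make([]byte, aes.BlockSize)
	g.block.Encrypt(iv, ctr[:])
	return iv, nil
}

// EncryptedIV is Jerry's alternative: pass a chosen IV through the session key once.
// The result equals the first ciphertext block of CBC-encrypting an all-zero block
// under that IV, which is why it amounts to prepending a zero block to the packet.
func EncryptedIV(sessionKey, iv []byte) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, iv)
	return out, nil
}

// EncryptCBC applies PKCS#7 padding and AES-CBC under the given IV.
func EncryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return ct, nil
}

// DecryptCBC reverses EncryptCBC and checks the padding before stripping it.
func DecryptCBC(key, iv, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) == 0 || len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	pt := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ciphertext)
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-pad], nil
}

func main() {
	sessionKey := []byte("0123456789abcdef") // constructed 128-bit key for the demo
	gen, _ := NewIVGenerator(sessionKey, 1000)
	for i := 0; i < 3; i++ {
		iv, _ := gen.Next()
		ct, _ := EncryptCBC(sessionKey, iv, []byte("packet payload"))
		fmt.Printf("packet %d: iv=%x ct=%x\n", i, iv, ct)
	}
}
```

The budget is the practical form of Travis's caveat: with a 64-bit counter the cycle is never approached in practice, but tying the generator to an explicit limit forces a rekey rather than letting a long-lived session drift toward the predictable end of the permutation.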