[Cryptography] Availability of plaintext/ciphertext pairs (was Re: In the face of "cooperative" end-points, PFS doesn't help)

ianG iang at iang.org
Tue Sep 10 22:57:58 EDT 2013

On 11/09/13 01:36 AM, Jerry Leichter wrote:
> (Generating a different one for this purpose is pointless - it would have to be random, in which case you might as well generate the IV randomly.)

In a protocol I wrote with Zooko's help, we generate a random IV0 which 
is shared in the key exchange.


Then, we also move the padding from the end to the beginning, fill it 
with a non-repeating length-determined value, and expand it to a size of 
16-31 bytes.  This creates what is in effect an IV1 or second 
transmitted IV.
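As an added illustration (not code from the thread or from the protocol iang describes), here is one concrete way to build the front padding just outlined: the pad length is fixed by the message length so that pad plus message is a block multiple and the pad spans 16 to 31 bytes, and its fill never repeats between messages. The encoding (pad length in the first byte, fresh random bytes after it) and the 16-byte block size are my assumptions; the random IV0 from the key exchange would still be supplied to the cipher mode separately.

```python
import os

BLOCK = 16  # block size in bytes (assumption: an AES-style 128-bit block)


def prefix_pad(plaintext: bytes) -> bytes:
    """Prepend a 16..31 byte pad so that the result is a multiple of BLOCK."""
    # Length-determined: exactly one full block plus whatever is needed to
    # round the message up to the next block boundary (0..15 extra bytes).
    pad_len = BLOCK + (-len(plaintext)) % BLOCK
    # Encoding assumption: first byte records the pad length, the rest is
    # fresh randomness, so the first block differs for every message even
    # when the same plaintext is sent twice (the "IV1" effect).
    pad = bytes([pad_len]) + os.urandom(pad_len - 1)
    return pad + plaintext


def prefix_unpad(padded: bytes) -> bytes:
    """Strip the front pad, rejecting inputs that cannot have come from prefix_pad."""
    if len(padded) < BLOCK or len(padded) % BLOCK != 0:
        raise ValueError("padded input must be a non-empty multiple of BLOCK")
    pad_len = padded[0]
    if not BLOCK <= pad_len <= 2 * BLOCK - 1 or pad_len > len(padded):
        raise ValueError("invalid pad length byte")
    return padded[pad_len:]


def first_block(padded: bytes) -> bytes:
    """The block that the cipher mode sees first; it should vary per message."""
    return padded[:BLOCK]


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed example input
    a, b = prefix_pad(msg), prefix_pad(msg)
    print(len(a), prefix_unpad(a) == msg, first_block(a) != first_block(b))
```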