[Cryptography] Killing two IV related birds with one stone

Perry E. Metzger perry at piermont.com
Wed Sep 11 20:15:30 EDT 2013

On Wed, 11 Sep 2013 20:01:28 -0400 Jerry Leichter <leichter at lrw.com>
> > ...Note that if you still transmit the IVs, a misimplemented
> > client could still interoperate with a malicious counterparty
> > that did not use the enforced method for IV calculation. If you
> > don't transmit the IVs at all but calculate them, the system will
> > not interoperate if the implicit IVs aren't calculated the same
> > way by both sides, thus ensuring that the covert channel is
> > closed.

> Ah, but where did the session and IV-generating keys come from?
> The same random generator you now don't trust to directly give you
> an IV?

Certainly, but if you remove most or all covert channels, you've
narrowed the problem down to auditing the RNG instead of having to
audit much more of the system. It is all a question of small steps
towards better assurance. No one measure will fix everything.

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list