[Cryptography] Should the IV of an encryption operation be input to the key derivation function?

William Allen Simpson william.allen.simpson at gmail.com
Fri Apr 7 10:49:31 EDT 2017


On 4/6/17 2:48 PM, Natanael wrote:
> I do think I'd do it slightly differently by having a derived IV too for the encryption algorithm, simply by making the KDF
> output larger and splitting it in two. I don't think it really changes the security considerations, but it makes for cleaner separation.
>
+1

I proposed this secret IV circa 1993-1994 for the original IPsec,
but also ensured that the IV changed per message by XOR'ing the
Sequence Number into it.

And for Photuris also ensured that it would not be a related key.
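
The construction discussed in this message, as an added example that is not part of the original post: one KDF output is split into a cipher key and a secret IV, and the sequence number is XORed into that IV for each message. HKDF-SHA-256, the 32-byte key and 12-byte IV lengths, the 64-bit sequence limit, and all function names and sample inputs are assumptions of this example.

```python
import hashlib
import hmac

KEY_LEN = 32  # assumed cipher key size (bytes)
IV_LEN = 12   # assumed IV size (bytes)

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA-256: extract a PRK, then expand it."""
    if length > 255 * 32:
        raise ValueError("requested output too long for HKDF-SHA-256")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_key_and_iv(secret: bytes, salt: bytes, context: bytes):
    """Make the KDF output larger and split it in two: (key, secret IV)."""
    okm = hkdf_sha256(secret, salt, context, KEY_LEN + IV_LEN)
    return okm[:KEY_LEN], okm[KEY_LEN:]

def per_message_iv(secret_iv: bytes, seq: int) -> bytes:
    """XOR the sequence number (big-endian, left-padded) into the secret IV."""
    if not 0 <= seq < 2 ** 64:
        # A wrapped counter would repeat an IV under the same key.
        raise ValueError("sequence number out of range; rekey instead")
    padded = seq.to_bytes(len(secret_iv), "big")
    return bytes(a ^ b for a, b in zip(secret_iv, padded))

def ivs_are_unique(secret_iv: bytes, count: int) -> bool:
    """Distinct sequence numbers must give distinct IVs (XOR is a bijection)."""
    return len({per_message_iv(secret_iv, s) for s in range(count)}) == count

if __name__ == "__main__":
    # Constructed sample inputs, not real key material.
    key, iv = derive_key_and_iv(b"\x0b" * 22, b"example-salt", b"session 1")
    print("key      :", key.hex())
    print("secret IV:", iv.hex())
    for seq in range(3):
        print(f"IV for seq {seq}:", per_message_iv(iv, seq).hex())
    print("unique over 10000 messages:", ivs_are_unique(iv, 10000))
```
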



