[146996] in cryptography@c2.net mail archive


Re: [Cryptography] Availability of plaintext/ciphertext pairs (was

daemon@ATHENA.MIT.EDU (ianG)
Tue Sep 10 23:08:30 2013

X-Original-To: cryptography@metzdowd.com
Date: Wed, 11 Sep 2013 05:57:58 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <D14972AD-A30B-466E-9583-BD644BF441BC@lrw.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 11/09/13 01:36 AM, Jerry Leichter wrote:
> (Generating a different one for this purpose is pointless - it would have to be random, in which case you might as well generate the IV randomly.)


In a protocol I wrote with Zooko's help, we generate a random IV0 which 
is shared in the key exchange.

http://www.webfunds.org/guide/sdp/sdp1.html

Then, we also move the padding from the end to the beginning, fill it 
with a non-repeating length-determined value, and expand it to a size of 
16-31 bytes.  This creates what is in effect an IV1 or second 
transmitted IV.

http://www.webfunds.org/guide/sdp/pad.html

iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
