[85746] in cryptography@c2.net mail archive
Re: More info in my AES128-CBC question
daemon@ATHENA.MIT.EDU (Victor Duchovni)
Fri Apr 20 13:18:23 2007
Date: Fri, 20 Apr 2007 11:58:46 -0400
From: Victor Duchovni <Victor.Duchovni@MorganStanley.com>
To: Aram Perez <aramperez@mac.com>
Cc: Cryptography <cryptography@metzdowd.com>
Mail-Followup-To: Aram Perez <aramperez@mac.com>,
Cryptography <cryptography@metzdowd.com>
In-Reply-To: <3586730C-0112-1000-837D-F5675E8BEF3F-Webmail-10019@mac.com>
On Thu, Apr 19, 2007 at 10:32:58PM -0700, Aram Perez wrote:
> Hi Folks,
>
> First, thanks for all your answers.
>
> The proposal for using AES128-CBC with a fixed IV of all zeros is for a protocol between two entities that will be exchanging messages. This is being done in a "standards" body (OMA) and many of the attendees have very little security experience. As I mentioned, the response to my question of why would we standardize this was "that's how SD cards do it".
>
> I'll look at the references and hopefully convince enough people that it's a bad idea.
>
You still have not described the protocol, or how keys are used/managed.
The question has no answer outside the context of a specific protocol,
other than in general it is best practice to use random IVs or otherwise
unlikely to repeat IVs.
--
Victor Duchovni
IT Security, Morgan Stanley

ASCII RIBBON CAMPAIGN AGAINST HTML MAIL

NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited.
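The "random or otherwise unlikely to repeat IVs" advice above, illustrated with an added example that is not part of this thread, of the OMA proposal, or of any SD card implementation. It assumes a constructed 128-bit demo key and two constructed messages that share a 16-byte header, and it measures only what a passive observer sees in the ciphertext: with the fixed all-zero IV, messages with the same leading plaintext produce the same leading ciphertext blocks (and a repeated message produces a fully repeated ciphertext), whereas a fresh random IV per message removes that correlation. The helper names (`SharedBlocks`, `EqualLeadingBlocks`, `FixedIV`, `RandomIV`) are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// pkcs7Pad pads msg up to a whole number of blockSize-byte blocks (PKCS#7).
func pkcs7Pad(msg []byte, blockSize int) []byte {
	n := blockSize - len(msg)%blockSize
	out := append([]byte{}, msg...)
	return append(out, bytes.Repeat([]byte{byte(n)}, n)...)
}

// encryptCBC returns the AES-CBC ciphertext of msg under key using iv.
// The IV is not prepended here so that block comparisons below start at C1.
func encryptCBC(key, iv, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(msg, block.BlockSize())
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return ct, nil
}

// ZeroIV is the fixed all-zero IV from the proposal under discussion.
var ZeroIV = make([]byte, aes.BlockSize)

// FixedIV returns the same zero IV for every message, as the proposal would.
func FixedIV() ([]byte, error) { return ZeroIV, nil }

// RandomIV draws a fresh, unpredictable IV for one message (best practice).
func RandomIV() ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	return iv, nil
}

// EqualLeadingBlocks counts how many leading 16-byte blocks two ciphertexts share,
// which is exactly what a passive observer can read off the wire.
func EqualLeadingBlocks(a, b []byte) int {
	n := 0
	for i := 0; i+aes.BlockSize <= len(a) && i+aes.BlockSize <= len(b); i += aes.BlockSize {
		if !bytes.Equal(a[i:i+aes.BlockSize], b[i:i+aes.BlockSize]) {
			break
		}
		n++
	}
	return n
}

// SharedBlocks encrypts m1 and m2 under key, each with an IV from ivFor, and
// reports how many leading ciphertext blocks match.
func SharedBlocks(key, m1, m2 []byte, ivFor func() ([]byte, error)) (int, error) {
	iv1, err := ivFor()
	if err != nil {
		return 0, err
	}
	iv2, err := ivFor()
	if err != nil {
		return 0, err
	}
	c1, err := encryptCBC(key, iv1, m1)
	if err != nil {
		return 0, err
	}
	c2, err := encryptCBC(key, iv2, m2)
	if err != nil {
		return 0, err
	}
	return EqualLeadingBlocks(c1, c2), nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not a real secret
	// Constructed messages: identical 16-byte header, different payload.
	m1 := []byte("BALANCE-REQUEST:account=1234567890;amount=100")
	m2 := []byte("BALANCE-REQUEST:account=9876543210;amount=999")

	n, _ := SharedBlocks(key, m1, m2, FixedIV)
	fmt.Printf("fixed zero IV, different payloads: %d leading block(s) identical\n", n)
	n, _ = SharedBlocks(key, m1, m1, FixedIV)
	fmt.Printf("fixed zero IV, repeated message:   %d leading block(s) identical\n", n)
	n, _ = SharedBlocks(key, m1, m2, RandomIV)
	fmt.Printf("random IV, different payloads:     %d leading block(s) identical\n", n)
}
```

With the zero IV the first ciphertext block is a deterministic function of the first plaintext block alone, so equal headers are visible, and an exact repeat of a message is visible in full; the random IV makes even identical messages encrypt differently. The check is the one a reviewer of such a protocol can run against captured traffic without any key material: identical leading ciphertext blocks across messages are a sign of IV reuse.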
---------------------------------------------------------------------
The Cryptography Mailing List