[86414] in cryptography@c2.net mail archive


RE: More info in my AES128-CBC question

daemon@ATHENA.MIT.EDU (Leichter, Jerry)
Wed Apr 25 18:16:07 2007

Date: Wed, 25 Apr 2007 09:27:06 -0400 (EDT)
From: "Leichter, Jerry" <leichter_jerrold@emc.com>
To: Geoffrey Hird <geoffrey@arcot.com>
cc: cryptography@metzdowd.com
In-Reply-To: <C6C0FD1AF82E414ABDF3BD27100D33AD0CAF55@arcotexchange02.arcot.com>

| > Suppose we use AES128-CBC with a fixed IV.  It's clear that the only
| > vulnerability of concern occurs when a key is reused.  OK, where do
| 
| No, remember that if the IV is in the clear, an attacker can
| make some controlled bit changes in the first plaintext block.
| (There has been no assumption of integrity enforcement.)
| 
| I wonder how Adam Perez is communicating the IV.
In the original proposal, the IV was *fixed*:  It was always 0.  As a
result, it wasn't communicated, so could not be manipulated.

Integrity enforcement is required for other reasons anyway (and, based
on later responses, was always part of the protocol).

							-- Jerry
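Added example, not part of the thread or of Jerry's mail: a small Go program on the standard library's crypto/aes and crypto/hmac that shows the two properties discussed above, namely that a fixed IV with a reused key gives identical first ciphertext blocks for identical first plaintext blocks, and that an encrypt-then-MAC tag over IV||ciphertext lets the receiver reject a message whose IV or ciphertext was altered in transit. The keys, IV and messages are constructed for the demo, and the helper names (CBC, LeaksEqualPrefix, Tag, Verify) are my own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Constructed demo keys, not real secrets; ZeroIV is the thread's "always 0" IV.
var demoKey = []byte("0123456789abcdef") // 16 bytes: AES-128
var macKey = []byte("separate-key-for-the-mac-in-this-demo")
var ZeroIV = make([]byte, aes.BlockSize)

// CBC applies AES-128-CBC to block-aligned data; enc selects encrypt or decrypt.
func CBC(iv, in []byte, enc bool) []byte {
	blk, _ := aes.NewCipher(demoKey) // 16-byte key: NewCipher cannot fail here
	out := make([]byte, len(in))
	mode := cipher.NewCBCDecrypter(blk, iv)
	if enc {
		mode = cipher.NewCBCEncrypter(blk, iv)
	}
	mode.CryptBlocks(out, in)
	return out
}

// LeaksEqualPrefix: under a fixed IV and a reused key, messages sharing a first
// plaintext block also share a first ciphertext block (the key-reuse leak).
func LeaksEqualPrefix(a, b []byte) bool {
	ca, cb := CBC(ZeroIV, a, true), CBC(ZeroIV, b, true)
	return bytes.Equal(ca[:aes.BlockSize], cb[:aes.BlockSize])
}

// In CBC the first plaintext block is D(C1) XOR IV, so a change to an IV sent in
// the clear lands bit-for-bit in that block on decryption. Tag and Verify add an
// HMAC over iv||ct (encrypt-then-MAC) so such a message is rejected instead.
func Tag(iv, ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(iv)
	m.Write(ct)
	return m.Sum(nil)
}

func Verify(iv, ct, tag []byte) bool { return hmac.Equal(Tag(iv, ct), tag) }

func main() { // stand-alone demo: two messages sharing a first block
	fmt.Println(LeaksEqualPrefix([]byte("same first blockdifferent tail A"), []byte("same first blockdifferent tail B")))
}
```

With a per-message random IV the first check returns false for the same two messages, which is the fix the thread is circling; the MAC is needed either way.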

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
