[86483] in cryptography@c2.net mail archive
Re: More info in my AES128-CBC question
daemon@ATHENA.MIT.EDU (Travis H.)
Thu Apr 26 08:46:13 2007
Date: Wed, 25 Apr 2007 22:58:01 -0500
From: "Travis H." <travis+ml-cryptography@subspacefield.org>
To: Cryptography <cryptography@metzdowd.com>
Mail-Followup-To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <20070425224244.GB20738@Sun.COM>
On Wed, Apr 25, 2007 at 05:42:44PM -0500, Nicolas Williams wrote:
> A confounder is an extra block of random plaintext that is prepended to
> a message prior to encryption with a block cipher in CBC (or CTS) mode;
> the resulting extra block of ciphertext must also be sent to the peer.
Not true. Since we are comparing confounders to IVs, let's make identical
assumptions; that the value is somehow agreed upon in advance.
Then, one need not send it; the receiver can compute C_(i-1) = E_k(confounder)
without actually having it sent to him, and from there
continue decryption with P_i = C_(i-1) xor D_k(C_i) and so on.
> If the
> IV chained across contiguous messages as in SSHv2 then you have a
> problem (see above).
I don't fully understand what it means to have IVs chained across
contiguous (?) messages, as in CBC mode each ciphertext block forms
the "IV" of the block after it, effectively; basically an IV is just
C_0 for some stream.
-- 
Kill dash nine, and it's no more CPU time, kill dash nine, and that
process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email john@subspacefield.org.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
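Added example, not part of the thread or of either poster's code: a Go program using the standard library's AES-128 and CBC mode to show the two receivers being argued about. It assumes the value "agreed upon in advance" is an all-zero IV, uses a constructed key, confounder and two-block plaintext, and applies no padding. encryptWithConfounder is the scheme as quoted from Nicolas (confounder prepended, every ciphertext block sent); decryptWithoutC0 is Travis's receiver, which never receives C_0 and instead recomputes C_0 = E_k(confounder) and chains P_i = C_(i-1) xor D_k(C_i); sameFirstBlock shows the consequence of a pre-agreed confounder being just an IV, namely that two messages sharing a first plaintext block share their first ciphertext block.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

const bs = aes.BlockSize // 16 bytes

// xorBlock returns a XOR b for two 16-byte slices.
func xorBlock(a, b []byte) []byte {
	out := make([]byte, bs)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// encryptWithConfounder: prepend the confounder block, CBC-encrypt under the
// fixed all-zero IV (the value "agreed upon in advance"), and return every
// ciphertext block, including C_0 = E_k(confounder XOR 0) = E_k(confounder).
// No padding: plaintext must be a whole number of blocks.
func encryptWithConfounder(key, confounder, plaintext []byte) ([]byte, error) {
	if len(confounder) != bs || len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("confounder must be %d bytes, plaintext a multiple of it", bs)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	msg := append(append([]byte{}, confounder...), plaintext...)
	out := make([]byte, len(msg))
	cipher.NewCBCEncrypter(block, make([]byte, bs)).CryptBlocks(out, msg)
	return out, nil
}

// decryptFull: the receiver that was sent C_0. CBC-decrypt under the same
// zero IV and throw away the first plaintext block (the confounder).
func decryptFull(key, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(ciphertext)%bs != 0 || len(ciphertext) < 2*bs {
		return nil, fmt.Errorf("bad key or ciphertext: %v", err)
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, make([]byte, bs)).CryptBlocks(out, ciphertext)
	return out[bs:], nil
}

// decryptWithoutC0: Travis's receiver. C_0 was never sent, so recompute
// C_0 = E_k(confounder) locally, then chain P_i = C_(i-1) XOR D_k(C_i).
func decryptWithoutC0(key, confounder, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(confounder) != bs || len(ciphertext)%bs != 0 {
		return nil, fmt.Errorf("bad key, confounder or ciphertext: %v", err)
	}
	prev := make([]byte, bs)
	block.Encrypt(prev, confounder) // C_0, derived, never transmitted
	out := make([]byte, 0, len(ciphertext))
	tmp := make([]byte, bs)
	for i := 0; i < len(ciphertext); i += bs {
		c := ciphertext[i : i+bs]
		block.Decrypt(tmp, c)
		out = append(out, xorBlock(prev, tmp)...)
		prev = c
	}
	return out, nil
}

// sameFirstBlock: the flip side of a pre-agreed confounder. It acts as a
// fixed IV, so two messages under the same key and confounder whose first
// plaintext blocks agree produce identical first ciphertext blocks.
func sameFirstBlock(key, confounder, a, b []byte) (bool, error) {
	ca, err := encryptWithConfounder(key, confounder, a)
	if err != nil {
		return false, err
	}
	cb, err := encryptWithConfounder(key, confounder, b)
	if err != nil {
		return false, err
	}
	return bytes.Equal(ca[bs:2*bs], cb[bs:2*bs]), nil // index 0 is E_k(confounder) in both
}

func main() {
	// Constructed sample values; a real confounder would be fresh random bytes.
	key := []byte("0123456789abcdef")
	conf := []byte("confounder-block")
	pt := []byte("Attack at dawn!!Retreat at dusk!")
	ct, _ := encryptWithConfounder(key, conf, pt)
	full, _ := decryptFull(key, ct)
	short, _ := decryptWithoutC0(key, conf, ct[bs:])
	same, _ := sameFirstBlock(key, conf, pt, []byte("Attack at dawn!!Then have lunch!"))
	fmt.Println("full:", bytes.Equal(full, pt), "without C_0:", bytes.Equal(short, pt), "first block repeats:", same)
}
```

Both receivers recover the same plaintext; the one that dropped C_0 saves a block on the wire only because it already holds the confounder, which is the point Travis makes. sameFirstBlock is the check a practitioner would add before adopting that shortcut: once the confounder is fixed and shared, it is a fixed IV and gives away equal message prefixes.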