Re: crypto(4) and IVs

To: tech-crypto%NetBSD.org@localhost
Subject: Re: crypto(4) and IVs
From: der Mouse <mouse%Rodents.Montreal.QC.CA@localhost>
Date: Sun, 29 May 2005 14:43:34 -0400 (EDT)

>> In passing, I have to wonder whether you were just being careless
>> with language when you wrote "predictable".
> I meant "predictable by the attacker".  The attacker who sees packet
> N could predict the IV used by packet N+1.

How is this different from seeing block B and thus knowing the IV for
block B+1 within a packet?

If you posit attacker control over the plaintext in packet N+1, you're
talking the adaptive chosen plaintext threat model I mentioned.  If
not, I can't see any significant difference between this and *any* use
of CBC modes.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse%rodents.montreal.qc.ca@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: crypto(4) and IVs
  - From: Steven M. Bellovin

References:
- Re: crypto(4) and IVs
  - From: Steven M. Bellovin

Prev by Date: Re: crypto(4) and IVs
Next by Date: Re: crypto(4) and IVs
Previous by Thread: Re: crypto(4) and IVs
Next by Thread: Re: crypto(4) and IVs
Indexes:

Home | Main Index | Thread Index | Old Index