Subject: Re: FUD about CGD and GBDE
To: None <tech-security@netbsd.org, hackers@freebsd.org,>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 03/03/2005 16:51:14
On Thu, Mar 03, 2005 at 10:45:34PM +0100, Poul-Henning Kamp wrote:
>
> Since the attacker knows the block number the IV generation doesn't
> add strength.
>
> In fact, it exposes any weakness in the algorithm even more because it
> offers two-way leverage on the algorithm.
>
> It also adds a very efficient hit-detector for a brute force attack.
>
> It would have been much better to use a different key to generate the IV.
>
> And did he salt the block number at all? I don't think so...
I think there's a misunderstanding here. Why do you think secrecy
(unpredictability?) is an important property of an IV for a block
cipher used in CBC mode? It's not an encryption key, it's an IV.
It just has to have a large Hamming difference from any _other_ IV
used with the same cipher key.
--
Thor Lancelot Simon tls@rek.tjls.com
"The inconsistency is startling, though admittedly, if consistency is to be
abandoned or transcended, there is no problem." - Noam Chomsky
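An added illustration of the property Thor describes (an IV for CBC must be distinct from every other IV used under the same key, not secret); this is not code from the thread nor from cgd or gbde. A toy Feistel cipher built on SHA-256 stands in for the real block cipher, and the assumed per-sector IV is the public sector number encrypted under the disk key, recomputed by the reader rather than stored.

```python
import hashlib

BLOCK, HALF, ROUNDS = 16, 8, 8  # toy cipher: 16-byte blocks, 8 Feistel rounds
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _round(key, rnd, half):
    # Keyed round function: SHA-256 of (key, round index, half block), truncated.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def _feistel(key, block, rounds):
    # Balanced Feistel network; decryption is the same network with rounds reversed.
    l, r = block[:HALF], block[HALF:]
    for rnd in rounds:
        l, r = r, _xor(l, _round(key, rnd, r))
    return r + l

def encrypt_block(key, block):  # stand-in for AES, not a real cipher
    return _feistel(key, block, range(ROUNDS))

def decrypt_block(key, block):
    return _feistel(key, block, reversed(range(ROUNDS)))

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        out.append(_xor(decrypt_block(key, data[i:i + BLOCK]), prev))
        prev = data[i:i + BLOCK]
    return b"".join(out)

def sector_iv(key, n, per_sector=True):
    # Assumed construction: the public sector number n encrypted under the disk
    # key. Not secret, not stored. per_sector=False gives every sector one fixed IV.
    return encrypt_block(key, n.to_bytes(BLOCK, "big")) if per_sector else bytes(BLOCK)

def demo():
    key = b"constructed-demo-key"                                     # constructed
    data = b"identical contents in sectors 5 and 9".ljust(64, b"\0")  # constructed
    fixed = [cbc_encrypt(key, sector_iv(key, n, False), data) for n in (5, 9)]
    per = [cbc_encrypt(key, sector_iv(key, n), data) for n in (5, 9)]
    return {"fixed_iv_leaks_equality": fixed[0] == fixed[1],
            "sector_iv_hides_equality": per[0] != per[1],
            "roundtrip": cbc_decrypt(key, sector_iv(key, 9), per[1]) == data}
```

With one fixed IV, two sectors holding the same plaintext produce identical ciphertext, which anyone reading the disk can see; with the sector-number IV they differ, and the reader still decrypts because the IV is derived from the sector number rather than kept secret.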