Subject: Re: FUD about CGD and GBDE
To: None <email@example.com, firstname.lastname@example.org,>
From: Thor Lancelot Simon <email@example.com>
Date: 03/03/2005 16:51:14
On Thu, Mar 03, 2005 at 10:45:34PM +0100, Poul-Henning Kamp wrote:
> Since the attacker know the block number the IV generation doesn't
> add strength.
> In fact expose any weakness in the algorithm even more because it
> offers two-way leverage on the algorithm.
> It also adds a very efficient hit-detector for a brute force attack.
> It would have been much better to use a different key to generate the IV.
> And did he salt the block number at all ? I don't think so...
I think there's a misunderstanding here. Why do you think secrecy
(unpredictability?) is an important property of an IV for a block
cipher used in CBC mode? It's not an encryption key, it's an IV.
It just has to have a large Hamming difference from any _other_ IV
used with the same cipher key.
Thor Lancelot Simon firstname.lastname@example.org
"The inconsistency is startling, though admittedly, if consistency is to be
abandoned or transcended, there is no problem." - Noam Chomsky