Subject: Re: FUD about CGD and GBDE
To: None <,,>
From: Thor Lancelot Simon <>
List: tech-security
Date: 03/03/2005 16:51:14
On Thu, Mar 03, 2005 at 10:45:34PM +0100, Poul-Henning Kamp wrote:
> Since the attacker know the block number the IV generation doesn't
> add strength.
> In fact expose any weakness in the algorithm even more because it
> offers two-way leverage on the algorithm.
> It also adds a very efficient hit-detector for a brute force attack.
> It would have been much better to use a different key to generate the IV.
> And did he salt the block number at all ?  I don't think so...

I think there's a misunderstanding here.  Why do you think secrecy
(unpredictability?) is an important property of an IV for a block
cipher used in CBC mode?  It's not an encryption key, it's an IV.
It just has to have a large Hamming difference from any _other_ IV
used with the same cipher key.

 Thor Lancelot Simon	                            

"The inconsistency is startling, though admittedly, if consistency is to be
 abandoned or transcended, there is no problem."		- Noam Chomsky