On Thu, Mar 03, 2005 at 10:45:34PM +0100, Poul-Henning Kamp wrote:
>
> Since the attacker know the block number the IV generation doesn't
> add strength.
> 
> In fact expose any weakness in the algorithm even more because it
> offers two-way leverage on the algorithm.
> 
> It also adds a very efficient hit-detector for a brute force attack.
> 
> It would have been much better to use a different key to generate the IV.
> 
> And did he salt the block number at all ?  I don't think so...

I think there's a misunderstanding here.  Why do you think secrecy
(unpredictability?) is an important property of an IV for a block
cipher used in CBC mode?  It's not an encryption key, it's an IV.
It just has to have a large Hamming difference from any _other_ IV
used with the same cipher key.

-- 
 Thor Lancelot Simon	                                      tls@rek.tjls.com

"The inconsistency is startling, though admittedly, if consistency is to be
 abandoned or transcended, there is no problem."		- Noam Chomsky