Re: Knowledge of Initialization vectors

From: Terry Ritter (ritter_at_ciphersbyritter.com)
Date: 04/30/03


Date: 30 Apr 2003 00:25:58 -0700


"Scott Fluhrer" <sfluhrer@ix.netcom.com> wrote in message news:<b8m1s9$cg0$1@slb5.atl.mindspring.net>...
> "Mok-Kong Shen" <mok-kong.shen@t-online.de> wrote in message
> news:3EAE546A.6E0D4699@t-online.de...
> >
> >
> > Terry Ritter wrote:
> > >
> > > Benjamin Goldberg <goldbb2@earthlink.net> wrote:
>
> > > > The initialization vector can be safely provided with the ciphertext;
> > > > generally, their only requirement is that you never use a particular
> > > > IV
> > > > with more than one message.
> > >
> > > There is a potential problem with the first block of CBC. See:
> > >
> > > http://www.ciphersbyritter.com/GLOSSARY.HTM#CipherBlockChaining
> >
> > This implies that one should preferably have the IV sent
> > encrypted. Is that right? Thanks.
>
> Actually, the problem that Terry mentions is one way in which CBC is
> malleable -- that is, an attacker can modify the ciphertext to produce
> predictable or semipredictable changes in the plaintext. Since it is not
> the only one, blocking this attack while allowing similar attacks may not
> make sense. The real solution is to use some integrity check, such as a
> MAC.

Sadly, poncho gives no argument, instead merely *implying*
that some valid argument exists. Are there in fact other
ways CBC plaintext can be modified without garble? If so,
what might those be? Presumably they are described in texts
so well known that he could reasonably expect anyone reading
this to have absorbed their contents, otherwise he would have
referenced them in detail. But which texts would those be,
exactly?

No, what we got from poncho is a fine example of the logical
fallacy of "argument by innuendo":

http://www.ciphersbyritter.com/GLOSSARY.HTM#ArgumentByInnuendoFallacy

Note that I addressed the issue of "integrity check" in my
Glossary entry.

---
Terry Ritter   http://www.ciphersbyritter.com/
Glossary       http://www.ciphersbyritter.com/GLOSSARY.HTM
Crypto Intro   http://www.ciphersbyritter.com/LEARNING.HTM
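The two points under discussion above can be shown directly in code. What follows is an added example, not code from the thread or from any of its participants: a toy Feistel block cipher built from HMAC-SHA256 stands in for a real cipher (an assumption; CBC's behaviour does not depend on which block cipher is underneath), the keys, IV and message are constructed, and `seal`/`open_sealed` are hypothetical names for an encrypt-then-MAC wrapper. The demo changes the IV that travels in the clear with the ciphertext, decrypts, and shows that the first plaintext block changes predictably while the second block is untouched (the first-block problem referred to in the Glossary entry); it then checks the same modified message against a MAC over IV plus ciphertext and shows it is rejected.

```python
import hmac
import hashlib

BLOCK = 16     # block size in bytes
ROUNDS = 4

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 of (round index, half block), truncated to 8 bytes.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Toy 128-bit block cipher (4-round Feistel network), a stand-in for a real cipher.
    l, r = block[:8], block[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round_fn(key, i, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    # Inverse of block_encrypt: undo the rounds in reverse order.
    l, r = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round_fn(key, i, l)), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Plaintext is assumed to be a whole number of blocks; padding is out of scope here.
    assert len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        c = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(c)
        prev = c
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # P_i = D(C_i) XOR C_{i-1}, with C_0 = IV.
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def seal(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes):
    # Encrypt-then-MAC (hypothetical wrapper): the tag covers the IV as well as the ciphertext.
    ct = cbc_encrypt(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return ct, tag

def open_sealed(enc_key: bytes, mac_key: bytes, iv: bytes, ct: bytes, tag: bytes):
    # Verify the tag first; return None (reject) without decrypting if it does not match.
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return cbc_decrypt(enc_key, iv, ct)

def demo():
    enc_key, mac_key = b"E" * 32, b"M" * 32                   # constructed keys
    iv = bytes(range(BLOCK))                                   # constructed IV, sent in the clear
    plaintext = b"amount=0100 USD " + b"to=alice        "      # constructed, exactly two blocks
    ct, tag = seal(enc_key, mac_key, iv, plaintext)

    # First-block problem: P_1 = D(C_1) XOR IV, so a difference XORed into the
    # transmitted IV is XORed into P_1 and nothing else is disturbed.
    delta = _xor(b"amount=0100 USD ", b"amount=9100 USD ")
    bad_iv = _xor(iv, delta)
    tampered = cbc_decrypt(enc_key, bad_iv, ct)   # what a receiver without an integrity check sees

    return {
        "original": cbc_decrypt(enc_key, iv, ct),
        "tampered": tampered,
        "second_block_intact": tampered[BLOCK:] == plaintext[BLOCK:],
        "mac_accepts_original": open_sealed(enc_key, mac_key, iv, ct, tag) is not None,
        "mac_accepts_tampered": open_sealed(enc_key, mac_key, bad_iv, ct, tag) is not None,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The tag is computed over the IV together with the ciphertext; a MAC over the ciphertext alone would leave the IV, and therefore the first plaintext block, unprotected.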