Re: IV and key size

From: Peter Pearson (ppearson_at_nowhere.invalid)
Date: 12/12/04


Date: Sun, 12 Dec 2004 13:12:59 -0800

Arnaud Carré wrote:
> Can the IV be considered a "key extension"? I mean, if I use
> AES-256 and a random IV of 128 bits, is it equivalent to using a cypher
> algorithm with a "256+128" key? Or is it less because the IV is completely
> different?

Short answer: don't treat the IV as an extension of the key.

The purpose of the IV is to provide variability to avoid
encrypting identical blocks with the same key. A typical
cryptosystem does not depend on the secrecy of the IV,
does not claim greater security if the IV is secret, and
generally sends the IV in the clear.

Keeping the IV secret is incompatible with the requirement
that it change for every message. If you propose to derive
the IV from some other information sent in the clear, then
that other information is, in effect, your real IV.

-- 
Peter Pearson
To get my email address, substitute:
nowhere -> spamcop, invalid -> net
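
An added illustration of the reply above (not code from the thread): CBC mode where a fresh IV is sent in the clear in front of the ciphertext, so the receiver needs only the key, while reusing one IV makes identical messages encrypt identically. The block cipher is a toy HMAC-based Feistel permutation standing in for AES, and the function names, key and message are constructed for the demo; padding and authentication are left out.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes, the same block size as AES
KEY = bytes(range(32))  # constructed 256-bit demo key
MSG = b"transfer=100 EUR" * 2  # constructed plaintext, two full blocks

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Toy 4-round Feistel permutation, a stand-in for AES (assumption, demo only).
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right

def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (the IV first).
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))

def seal(key: bytes, pt: bytes) -> bytes:
    # Fresh random IV for every message, prepended unencrypted.
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, pt)

def unseal(key: bytes, message: bytes) -> bytes:
    # The receiver reads the IV off the wire; the key is the only secret input.
    return cbc_decrypt(key, message[:BLOCK], message[BLOCK:])
```

Calling `seal(KEY, MSG)` twice gives two different messages that both decrypt to `MSG`, whereas `cbc_encrypt` with a fixed IV returns the same bytes each time.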

