Re: Rijndael: IV Required for Decryption?
From: MikeP (mprocopio_at_gmail.com)
Date: 10 Aug 2005 20:24:12 -0700
Hi Regis, Thank you for your comments. My reponses are inline--
> On 10 Aug 2005 19:25:27 -0700, "MikeP" <firstname.lastname@example.org> wrote:
> Before relying on any implementations for your actual security, it's
> absolutely vital that you test and verify the cipher to make sure that
> it's been put together correctly.
I fully concur... and that's right where I was in terms of the process!
I see that the encryption function makes use of an IV (in this case, as
a placeholder, weak random bytes), and that this is used at the
beginning of the chaining... Looks good. But then I don't see ANY
mechanism to provide the IV in the corresponding decryption method--so
here we are :).
> Get the test vectors from the cipher's designer and make sure that the
> output from the implementation you're using matches the output of the
> original test vectors. If the implementation you're using can't
> reproduce the test vectors, you have to avoid it like the plague.
I have a set of Rijndael test vectors from NIST (Link:
verifying them is top priority.
> It's astounding how many faulty implementations are floating around in
> the general public, no doubt created by script kiddies or other such
> specimens who have no business being in the programming field, let
> alone touching cryptography.
> Using a faulty implementation is the same as storing your money in a
> vault made out of cardboard.
I entirely agree--I have waded through my share of shoddy cryptographic
code. In this particular case, Fritz Schneider, the author, has given a
reasonable treatment to Rijndael (which, incidentally, has been
discussed here about four years ago on sci.crypt). At the very least,
it gives me a starting point for my own efforts.
Thank you again for your comments... hopefully I can get up and running
with validating this code.