Re: Rijndael: IV Required for Decryption?

From: MikeP (mprocopio_at_gmail.com)
Date: 08/11/05

Date: 10 Aug 2005 20:24:12 -0700

Hi Regis, Thank you for your comments. My responses are inline--

Regis wrote:
> On 10 Aug 2005 19:25:27 -0700, "MikeP" <mprocopio@gmail.com> wrote:

> Before relying on any implementations for your actual security, it's
> absolutely vital that you test and verify the cipher to make sure that
> it's been put together correctly.

I fully concur... and that's right where I was in terms of the process!
I see that the encryption function makes use of an IV (in this case, as
a placeholder, weak random bytes), and that this is used at the
beginning of the chaining... Looks good. But then I don't see ANY
mechanism to provide the IV in the corresponding decryption method--so
here we are :).

> Get the test vectors from the cipher's designer and make sure that the
> output from the implementation you're using matches the output of the
> original test vectors. If the implementation you're using can't
> reproduce the test vectors, you have to avoid it like the plague.

I have a set of Rijndael test vectors from NIST (Link:
http://csrc.nist.gov/encryption/aes/rijndael/rijndael-vals.zip) and
verifying them is top priority.

> It's astounding how many faulty implementations are floating around in
> the general public, no doubt created by script kiddies or other such
> specimens who have no business being in the programming field, let
> alone touching cryptography.

> Using a faulty implementation is the same as storing your money in a
> vault made out of cardboard.

I entirely agree--I have waded through my share of shoddy cryptographic
code. In this particular case, Fritz Schneider, the author, has given a
reasonable treatment to Rijndael (which, incidentally, has been
discussed here about four years ago on sci.crypt). At the very least,
it gives me a starting point for my own efforts.

Thank you again for your comments... hopefully I can get up and running
with validating this code.

--Mike


