Re: The importance of IVs

From: mobius30 (mobius30_at_hushmail.com)
Date: 27 Aug 2005 12:31:54 -0700

Regis wrote:
>"So yeah, forget about the IV problem. What I found even more
>disturbing is the sheer number of these libraries out there that are
>so badly assembled that they're not even what they claim to be. For
>instance, a library containing AES and Blowfish (for example), SHOULD
>be able to give you actual AES and Blowfish encryption. This is a
>no-brainer. But in my findings, it turns out that in many cases,
>you're not getting AES, nor are you getting Blowfish. So what are you
>getting? Essentially a faulty implementation which can range in
>seriousness from being somewhat buggy, to being completely insecure."

So, what you're saying is basically "If you want something done right,
do it yourself?"
This is the frightening conclusion I don't want to come to....