Re: Initialization Vector schedule
- From: Paulo Marques <pmarques@xxxxxxxxxxxx>
- Date: Fri, 14 Oct 2011 12:43:11 +0100
Greg Rose wrote:
> In article <1c212e07abd1229c21fc82fa900ada4f@xxxxxxxxxxxxxxxxxxxxxxxx>,
> Anonymous <nobody@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> [...]
>> So code examples like this one:
>> http://www.obviex.com/samples/Encryption.aspx
>> really suck since they don't show that after the first call to
>> Encrypt(), all subsequent calls to Encrypt() need to have the
>> ciphertext of the previous call inserted in the IV parameter. Correct?
>
> NO! This is exactly the bug that bit TLS 1.0.
> The ciphertext from the previous call can be
> assumed known to an attacker. It should create
> a new random(-looking) IV for each call.

I think the problem here is the definition of "call". You don't need a
new random IV for each 128-bit block of plaintext. That would be insane,
and I don't think that is what you're saying (but it might be read as such).
If you're in a scenario where the attacker can inject plaintext into the
middle of your stream (like in BEAST) then you need a new IV for each
"message" (or packet, or...) where a message is a contiguous sequence of
blocks from the same source.
But I think we all agree here, I just wanted to make it extra clear...
--
Paulo Marques
Software Development Department - Grupo PIE, S.A.
Phone: +351 252 290600, Fax: +351 252 290601
Web: www.grupopie.com
"There cannot be a crisis today; my schedule is already full."
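
Added example, not part of the original posts: a small Python model of why the per-message IV discussed above must be unpredictable, comparing a sender that chains the IV from the previous ciphertext (the TLS 1.0 behaviour) with one that draws a fresh random IV per message. The block cipher is a toy Feistel stand-in for AES so the code runs with the standard library only; Sender, guess_is_confirmable and the sample secret are constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key, block):
    # 4-round Feistel over HMAC-SHA256: a stand-in permutation, NOT AES.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_encrypt(key, iv, plaintext):
    # Plain CBC: each block is XORed with the previous ciphertext block.
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor(prev, plaintext[i:i + BLOCK]))
        out += prev
    return out

class Sender:
    """chained=True: the IV of each message is the last ciphertext block of
    the previous one (TLS 1.0 style). chained=False: fresh random IV."""
    def __init__(self, chained):
        self.key = os.urandom(16)
        self.chained = chained
        self.last_block = os.urandom(BLOCK)

    def send(self, message):
        iv = self.last_block if self.chained else os.urandom(BLOCK)
        ct = cbc_encrypt(self.key, iv, message)
        self.last_block = ct[-BLOCK:]
        return iv, ct

def guess_is_confirmable(sender, secret, guess):
    """True if an observer who supplies the next message can tell whether
    `guess` equals the secret block that was encrypted just before."""
    iv1, ct1 = sender.send(secret)
    predicted_iv = ct1[-BLOCK:]            # visible on the wire
    probe = xor(xor(guess, iv1), predicted_iv)
    _, ct2 = sender.send(probe)
    # With a chained IV the cipher input is guess ^ iv1, so blocks match
    # exactly when guess == secret. A random IV breaks the prediction.
    return ct2[:BLOCK] == ct1[:BLOCK]

if __name__ == "__main__":
    secret = b"PIN=4921;pad=..."           # constructed 16-byte sample
    print("chained IV leaks:", guess_is_confirmable(Sender(True), secret, secret))
    print("random IV leaks: ", guess_is_confirmable(Sender(False), secret, secret))
```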