Re: crypto(4) and IVs

To: der Mouse <mouse%Rodents.Montreal.QC.CA@localhost>
Subject: Re: crypto(4) and IVs
From: "Steven M. Bellovin" <smb%cs.columbia.edu@localhost>
Date: Sun, 29 May 2005 15:40:44 -0400

In message <200505291846.OAA13705%Sparkle.Rodents.Montreal.QC.CA@localhost>, 
der Mouse wr
ites:
>>> In passing, I have to wonder whether you were just being careless
>>> with language when you wrote "predictable".
>> I meant "predictable by the attacker".  The attacker who sees packet
>> N could predict the IV used by packet N+1.
>
>How is this different from seeing block B and thus knowing the IV for
>block B+1 within a packet?
>
>If you posit attacker control over the plaintext in packet N+1, you're
>talking the adaptive chosen plaintext threat model I mentioned.  If
>not, I can't see any significant difference between this and *any* use
>of CBC modes.

Adaptive chosen plaintext is indeed a threat in some situations.  

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

References:
- Re: crypto(4) and IVs
  - From: der Mouse

Prev by Date: Re: crypto(4) and IVs
Next by Date: peculiar ssh stuttering
Previous by Thread: Re: crypto(4) and IVs
Next by Thread: Re: crypto(4) and IVs
Indexes:

Home | Main Index | Thread Index | Old Index