Jean-Luc Cooke wrote:
>Christophe and I's scheme of IV = firstIV + blockNum
>for initial setup and IV = IV + 2^64 for IV updates will work fine
That's not ideal. I'd suggest IV = HMAC_k(firstIV, blockNum) or somesuch.
Sequential IV's aren't a good choice with CBC -- they can leak a little
bit of information about the first block of plaintext, in some cases.
Agreed. Good catch David.
JLC
On Wed, Mar 03, 2004 at 09:40:05PM +0000, David Wagner wrote:
> Jean-Luc Cooke wrote:
> >Christophe and I's scheme of IV = firstIV + blockNum
> >for initial setup and IV = IV + 2^64 for IV updates will work fine
>
> That's not ideal. I'd suggest IV = HMAC_k(firstIV, blockNum) or somesuch.
> Sequential IV's aren't a good choice with CBC -- they can leak a little
> bit of information about the first block of plaintext, in some cases.
--
http://www.certainkey.com
Suite 4560 CTTC
1125 Colonel By Dr.
Ottawa ON, K1S 5B6