Re: The importance of IVs
sci.crypt archive


From: Kristian Gjøsteen <kristiag+news@item.ntnu.no>
Date: Mon Aug 29 2005 - 13:07:51 CEST

mobius30 <mobius30@hushmail.com> wrote:
>How important are IVs? Does not using them really pose that much of a
>risk under the conditions that:
>a) you have several repetitive characters at the beginning of multiple
>intercepted encrypted messages
>b) the same password is used in each of these messages (let's say it's
>64-bits)

It depends.

If you are using a block cipher in CBC mode, not using an IV may
not be a catastrophic failure. If you include a few random characters
at the start of each message, that essentially works like an IV,
so that's ok.

But if you are using an additive stream cipher, not using an IV is
a catastrophic failure. Depending on the document in question,
adversaries may be able to read your plaintext after just a few
messages, maybe as little as two. Adding random characters to the
message does not help.

-- 
Kristian Gjøsteen
Received on Thu Sep 29 21:51:29 2005
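
The stream cipher case described in the reply above, as an added example that is not part of the original post. The keystream generator (SHA-256 in counter mode), the key and both messages are constructed for illustration and stand in for any additive stream cipher; the CBC case is not covered.

```python
import hashlib
import os

def keystream(key: bytes, n: int, iv: bytes = b"") -> bytes:
    """Toy keystream (assumption: SHA-256 over key || iv || counter)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, msg: bytes, iv: bytes = b"") -> bytes:
    # Additive stream cipher: ciphertext = plaintext XOR keystream.
    return xor(msg, keystream(key, len(msg), iv))

KEY = b"8bytekey"                                  # constructed 64-bit password
P1 = b"Dear Sir, the meeting is on Monday."        # constructed messages with
P2 = b"Dear Sir, the payment is 4200 EUR. "        # a repeated opening

def no_iv_leaks_xor() -> bool:
    # Same key, no IV: the keystream cancels and C1 ^ C2 == P1 ^ P2.
    c1, c2 = encrypt(KEY, P1), encrypt(KEY, P2)
    return xor(c1, c2) == xor(P1, P2)

def shared_prefix_visible() -> int:
    # The repeated opening shows up as a run of zero bytes in C1 ^ C2.
    d = xor(encrypt(KEY, P1), encrypt(KEY, P2))
    return len(d) - len(d.lstrip(b"\x00"))

def random_prefix_still_leaks() -> bool:
    # Random characters only shift the text; every position past the
    # prefix is still encrypted with the same keystream byte in both messages.
    c1 = encrypt(KEY, os.urandom(4) + P1)
    c2 = encrypt(KEY, os.urandom(4) + P2)
    return xor(c1[4:], c2[4:]) == xor(P1, P2)

def fresh_iv_leaks_xor() -> bool:
    # A fresh IV per message gives unrelated keystreams; the relation is gone.
    c1 = encrypt(KEY, P1, os.urandom(16))
    c2 = encrypt(KEY, P2, os.urandom(16))
    return xor(c1, c2) == xor(P1, P2)

if __name__ == "__main__":
    print(no_iv_leaks_xor(), shared_prefix_visible(),
          random_prefix_still_leaks(), fresh_iv_leaks_xor())
```
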