W3C home > Mailing lists > Public > xml-encryption@w3.org > November 2001

RE: Encrypting IV in ECB

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Mon, 12 Nov 2001 18:18:07 +0100
To: Blair Dillaway <blaird@microsoft.com>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: XML Encryption WG <xml-encryption@w3.org>
Message-id: <566740662.1005589087@[192.168.10.2]>
OK, the solution with the Nonce is good and works. I forgot that 
possibilty.

Thanks,
Christian

--On Montag, 12. November 2001 08:47 -0800 Blair Dillaway 
<blaird@microsoft.com> wrote:

> I agree with Don on this.  Lets not start adding in IV encryption modes.
> I disagree with the assertion doing this is a trivial change.  It will
> end up creating quite a bit more work for implementors and interop
> testing.
>
> The issue Christian describes below is already dealt with through the
> use of the optional NONCE value.  By placing a NONCE of length larger
> than the alg block size, manipulating the IV can only cause the NONCE to
> decrypt incorrectly.  It will not allow one to manipulate the decrypted
> value of the original plain-text.
>
> Blair
Received on Monday, 12 November 2001 12:15:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:19 GMT