- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Sat, 10 Nov 2001 00:17:43 -0500
- To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- cc: XML Encryption WG <xml-encryption@w3.org>
While this doesn't seem like such a bad idea, I'm not aware of any other standards that do this and I'm not sure we should be the first. This just seems like another case where you want a message integrity check or signature inside the encryption. Donald From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de> Date: Sat, 03 Nov 2001 11:27:53 +0100 To: XML Encryption WG <xml-encryption@w3.org> Cc: Joseph Reagle <reagle@w3.org> Message-id: <4059493363.1004786873@pinkpanther> >Hi all, > >about the use of the IV in block encryption in CBC mode: >[Menezes/Orschoot/Vanstone] state in Remark 7.16 (integrity if IV in CBC): > > "While the IV in the CBC mode need not be secret, its > integrity should be protected, since malicious > modifications thereof allows an adversary to make > predictable bit changes to the first plaintext > block recovered." > >Suggestion: > >If we encrypt the IV in Electronic Codebook Mode (ECB), we ensure that >modifications on the bit layer will break decryption of the complete block. > > "ALGORITHM is used in the Cipher Block Chaining > (CBC) mode with a ALGO_KEY_BIT_LENGTH bit > Initialization Vector (IV). <ADD>The IV is > encrypted in ECB mode.</ADD> The resulting > cipher text is prefixed by the > <ADD>encrypted</ADD> IV." > >Does this make sense to you? > >Best regards, >Christian > >[Menezes/Orschoot/Vanstone] Handbook of applied cryptography, page 230 >
Received on Saturday, 10 November 2001 00:20:15 UTC