On Tuesday 08 January 2002 10:04, Christian Geuer-Pollmann wrote: > about the use of the IV in block encryption in CBC mode: > [Menezes/Orschoot/Vanstone] state in Remark 7.16 (integrity if IV in > CBC): > > "While the IV in the CBC mode need not be secret, its > integrity should be protected, since malicious > modifications thereof allows an adversary to make > predictable bit changes to the first plaintext > block recovered." Is this specified as a distinct mode from CBC? I'm most comfortable doing things that have been well specified and already used. So I prefer we say CBC IV doesn't give integrity (nor must the IV be secret) but there are other modes and approaches. If a CBC with ECB encrypted IVs is specified, reviewed, and used then I'd be interested in using that, but I'm not sure we should specify it... (See the new 6.3) -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/Received on Thursday, 17 January 2002 18:28:27 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:07 UTC