Bill Frantz (frantz@netcom.com)
Wed, 7 Oct 1998 09:10:39 -0800
I looked at your protocol and only had one question which is about how you
are using your verification longword as an IV. I don't quite understand
how this works. I can see two possibilities:
(1) The verification longword is used as an IV and is stored in the clear
in "classic" CBC operation mode. In this case, I don't see how it can be
used as a verification word.
(2) The verification longword is encrypted with the rest of the data. In
this case there has to be a "real" IV which is applied to the first block
of the data (the verification code) before it is encrypted.
Assume case 2. In this case, the real IV is probably some constant.
Normally this is a no-no for CBC mode, but in this case it may be all
right. The purpose of the IV in CBC mode is to reduce the quantity of
known plaintext available to the cryptanalyst. Since the verification
code is selected randomly, the first block contains no known plaintext.
Its cyphertext is applied in normal CBC mode to the next block and so on,
so there is no known plaintext going into the underlying block cypher in
the resulting cyphertext.
I don't see any obvious holes, given my possible misinterpretation of what
you are doing.
-------------------------------------------------------------------------
Bill Frantz | If hate must be my prison | Periwinkle -- Consulting
(408)356-8506 | lock, then love must be | 16345 Englewood Ave.
frantz@netcom.com | the key. - Phil Ochs | Los Gatos, CA 95032, USA
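The following is an added illustration of the case-2 reading in the message above; it is not code from Bill Frantz or from the protocol he is reviewing. It shows CBC under a constant IV where the first plaintext block is a randomly chosen verification value that the receiver checks after decrypting. Assumptions of mine: the verifier fills one full AES-128 block (the message says "longword", which would be shorter), PKCS#7 padding, an all-zero constant IV, and the names sealWithVerifier, openWithVerifier and newVerifier. The main function demonstrates the property the argument rests on: two encryptions of the same message under fresh verifiers differ in every block, while reusing a verifier with a constant IV makes encryption deterministic, and a wrong key or a wrong expected verifier is rejected. The check covers only the first block; it does not authenticate the blocks that follow, so a design that needs integrity still wants a MAC.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Assumption, not from the message: the verification value occupies one full
// 16-byte AES block, so the entire first CBC block is random.
const blockSize = aes.BlockSize

// fixedIV plays the "real" IV of case 2: a constant, all zeros here.
var fixedIV = make([]byte, blockSize)

// errVerificationFailed is returned for every receive-side failure so that a
// bad pad and a bad verifier are not distinguishable to the caller.
var errVerificationFailed = errors.New("verification failed")

func pkcs7Pad(b []byte) []byte {
	n := blockSize - len(b)%blockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, bool) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, false
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || n > len(b) {
		return nil, false
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, false
		}
	}
	return b[:len(b)-n], true
}

// newVerifier draws a fresh random verifier block for one message.
func newVerifier() ([]byte, error) {
	v := make([]byte, blockSize)
	_, err := rand.Read(v)
	return v, err
}

// sealWithVerifier CBC-encrypts verifier||plaintext under the constant IV.
// Because the verifier is random, the value entering the first block-cipher
// call is unpredictable even though the IV never changes.
func sealWithVerifier(key, verifier, plaintext []byte) ([]byte, error) {
	if len(verifier) != blockSize {
		return nil, errors.New("verifier must be exactly one block")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(append(append([]byte{}, verifier...), plaintext...))
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, fixedIV).CryptBlocks(out, padded)
	return out, nil
}

// openWithVerifier decrypts, strips padding, and accepts the message only if
// the recovered first block equals the expected verifier (constant-time compare).
func openWithVerifier(key, verifier, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < 2*blockSize || len(ciphertext)%blockSize != 0 {
		return nil, errVerificationFailed
	}
	plain := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, fixedIV).CryptBlocks(plain, ciphertext)
	unpadded, ok := pkcs7Unpad(plain)
	if !ok || len(unpadded) < blockSize {
		return nil, errVerificationFailed
	}
	if subtle.ConstantTimeCompare(unpadded[:blockSize], verifier) != 1 {
		return nil, errVerificationFailed
	}
	return unpadded[blockSize:], nil
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 16) // constructed demo key
	msg := []byte("the quick brown fox")
	v1, _ := newVerifier()
	v2, _ := newVerifier()
	c1, _ := sealWithVerifier(key, v1, msg)
	c2, _ := sealWithVerifier(key, v2, msg)
	c1again, _ := sealWithVerifier(key, v1, msg)
	fmt.Printf("fresh verifiers, same message, ciphertexts differ: %v\n", !bytes.Equal(c1, c2))
	fmt.Printf("reused verifier makes encryption deterministic: %v\n", bytes.Equal(c1, c1again))
	_, err := openWithVerifier(bytes.Repeat([]byte{0x22}, 16), v1, c1)
	fmt.Printf("wrong key rejected: %v\n", err != nil)
}
```

The deterministic-encryption line is the point to take away: with a constant IV, every bit of randomization comes from the verifier, so it must be freshly drawn for each message, exactly as the message above assumes when it says the verification code is selected randomly.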
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:20