[6668] in cryptography@c2.net mail archive


Predictable IVs

daemon@ATHENA.MIT.EDU (Damien Miller)
Sun Feb 27 14:27:29 2000

Date: Sun, 27 Feb 2000 23:36:17 +1100 (EST)
From: Damien Miller <djm@mindrot.org>
To: cryptography@c2.net
Message-ID: <Pine.LNX.4.10.10002272331001.737-100000@mothra.mindrot.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


What risks does using a predictable IV bring?

Background: I am interested in writing an encrypting swap driver for
Linux using a fast cipher in CBC mode keyed from /dev/random at boot
time.

I considered using a hash of the block number of the swap partition
and some extra bytes pulled from /dev/random as the IV, but this may
be overkill.

Would the system be weakened if I was to use just the block number?

Regards,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
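The two risks the question is asking about can be shown concretely in CBC mode. This is an added example, not code from the post or from any swap driver: the 16-byte block cipher is a constructed Feistel network over SHA-256 that stands in for the "fast cipher" mentioned, `iv_from_block_number` is the plain block-number IV, and `iv_hashed_with_nonce` is one reading of the proposed hash-of-block-number-plus-random-bytes scheme (the random bytes would have to be stored next to the ciphertext so the block can be decrypted later). The first check shows that with a block-number IV, rewriting unchanged content to the same block yields identical ciphertext, so anyone watching the partition learns "nothing changed"; the second shows the classic chosen-plaintext consequence of a predictable IV: someone who can cause a page to be swapped out can confirm a guess for the first block of an earlier page.

```python
import hashlib
import secrets

BLOCK = 16  # 128-bit block cipher


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, r: int, half: bytes) -> bytes:
    # Feistel round function: keyed SHA-256 truncated to one half-block.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed 8-round balanced Feistel cipher (stand-in for the post's fast cipher)."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for i in range(8):
        l, r = r, xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(8)):
        l, r = xor(r, _round(key, i, l)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def iv_from_block_number(block_no: int) -> bytes:
    # The scheme asked about: IV is just the swap block number.
    return block_no.to_bytes(BLOCK, "big")


def iv_hashed_with_nonce(block_no: int, nonce: bytes) -> bytes:
    # One reading of the post's alternative (assumption): hash(block number || fresh random
    # bytes); the nonce must be stored alongside the ciphertext to decrypt later.
    return hashlib.sha256(block_no.to_bytes(8, "big") + nonce).digest()[:BLOCK]


def same_page_rewrite_leaks(key: bytes, block_no: int, page: bytes) -> bool:
    """Block-number IV: identical content written twice to one block -> identical ciphertext."""
    iv = iv_from_block_number(block_no)
    return cbc_encrypt(key, iv, page) == cbc_encrypt(key, iv, page)


def same_page_rewrite_with_nonce_leaks(key: bytes, block_no: int, page: bytes) -> bool:
    """Hashed IV with a fresh nonce per write: the two ciphertexts differ."""
    iv1 = iv_hashed_with_nonce(block_no, secrets.token_bytes(16))
    iv2 = iv_hashed_with_nonce(block_no, secrets.token_bytes(16))
    return cbc_encrypt(key, iv1, page) == cbc_encrypt(key, iv2, page)


def guess_confirmed_by_predictable_iv(key: bytes, old_block_no: int, old_ct: bytes,
                                      new_block_no: int, guess: bytes) -> bool:
    """The textbook risk: with a predictable next IV, a party who can get one block of
    chosen plaintext encrypted learns whether `guess` equals the first plaintext block
    of an earlier page. Returns True exactly when the guess is right."""
    iv_old = iv_from_block_number(old_block_no)
    iv_new = iv_from_block_number(new_block_no)
    # E(probe ^ iv_new) == E(guess ^ iv_old) == old first block iff guess == old plaintext
    probe = xor(xor(guess, iv_old), iv_new)
    return cbc_encrypt(key, iv_new, probe)[:BLOCK] == old_ct[:BLOCK]


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # stands in for the /dev/random boot key
    page = bytes(range(64))                # constructed 64-byte "swap page"
    print("rewrite leak, block-number IV :", same_page_rewrite_leaks(key, 7, page))
    print("rewrite leak, hashed+nonce IV :", same_page_rewrite_with_nonce_leaks(key, 7, page))
    ct = cbc_encrypt(key, iv_from_block_number(7), page)
    print("guess of block 7 confirmed    :", guess_confirmed_by_predictable_iv(key, 7, ct, 8, page[:16]))
```

The mitigation the checks point at is an IV that a party controlling plaintext cannot predict before the write: a per-write random component (as the post proposes, stored with the block) or an IV derived from the block number under a secret key; the latter fixes cross-block structure but, being deterministic per block, still lets an observer see that a block was rewritten with unchanged content.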