> are suggesting at this time that IV values are somehow accessible from any > node (e.g. saved to decoratedMap/memcachedMap?)
I'm working on a couple unrelated problems at present and the NIST docs make it pretty clear that the IV generally should be unique for each cleartext encrypted under the same key, in other words the IV should be dynamic, which means it MUST be stored along with the cleartext. I'm thinking since it amounts to solving the same problem as you noted, might as well improve security at the same time. Additionally, the IV may be transmitted in cleartext along with the ciphertext without compromising security, so the simplest solution is to prepend the IV to the ciphertext. The length of the IV must be the same size as the block length of the underlying cipher, so you should know how many bites to read off the data to get the IV needed for decryption. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
