What risks does using a predictable IV bring?
Background: I am interested in writing an encrypting swap driver for
Linux using a fast cipher in CBC mode keyed from /dev/random at boot
time.
I considered using a hash of the block number of the swap partition
and some extra bytes pulled from /dev/random as the IV, but this may
be overkill.
Would the system be weakened if I were to use just the block number?
Regards,
Damien Miller
--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: [EMAIL PROTECTED] (home) -or- [EMAIL PROTECTED] (work)
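An added example, not part of Damien's message, showing the concrete weakness a predictable CBC IV brings to a swap driver: the watermarking attack. An attacker who can get chosen data into memory (and so into swap) and who knows the IV rule can make two different blocks encrypt to the same first ciphertext block, so anyone inspecting the raw swap partition can tell that the watermarked data is present without knowing the key. `block_encrypt` is a hashlib-based stand-in for the unspecified "fast cipher" (an assumption; the attack depends only on CBC chaining, not on the cipher), `salted_iv` is an assumed construction in which the hash input includes a secret drawn at boot, and the key, secret, marker and sector numbers are constructed sample values.

```python
import hashlib

BLOCK = 16  # block size, in bytes, of the stand-in cipher below


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for 'a fast cipher' (an assumption, not a real block cipher).

    A keyed PRF truncated to BLOCK bytes is not invertible, so it cannot
    decrypt, but the attack shown here never looks inside the cipher: it
    relies only on the CBC rule C_i = E_k(P_i XOR C_{i-1}) with C_0 = IV.
    """
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC-mode encryption of a whole-block plaintext under the given IV."""
    assert len(plaintext) % BLOCK == 0 and len(iv) == BLOCK
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


# --- IV schemes -------------------------------------------------------------

def plain_iv(sector: int) -> bytes:
    """IV = the swap block number, as proposed in the question (predictable)."""
    return sector.to_bytes(BLOCK, "little")


def hashed_iv(sector: int) -> bytes:
    """IV = hash of the block number alone: still computable by anyone."""
    return hashlib.sha256(sector.to_bytes(8, "little")).digest()[:BLOCK]


def salted_iv(sector: int, iv_secret: bytes) -> bytes:
    """IV = hash(secret || block number), with the secret drawn from
    /dev/random at boot and kept in kernel memory only (assumed construction)."""
    return hashlib.sha256(iv_secret + sector.to_bytes(8, "little")).digest()[:BLOCK]


# --- The watermarking attack -----------------------------------------------

def watermark_pages(sector_a: int, sector_b: int, marker: bytes, iv_guess):
    """Attacker-chosen contents for two pages expected to land in swap blocks
    sector_a and sector_b.  If iv_guess matches the driver's real IV rule then
    P_a XOR IV(a) == P_b XOR IV(b), so the first ciphertext blocks collide."""
    page_a = marker.ljust(BLOCK, b"\0")          # one block is enough to show it
    page_b = xor(xor(page_a, iv_guess(sector_a)), iv_guess(sector_b))
    return page_a, page_b


def watermark_visible(key: bytes, system_iv, iv_guess,
                      sector_a: int = 100, sector_b: int = 101,
                      marker: bytes = b"swap-watermark") -> bool:
    """Does an observer of the encrypted swap, who has neither the key nor the
    plaintext pages, see identical ciphertext for the two watermarked blocks?"""
    page_a, page_b = watermark_pages(sector_a, sector_b, marker, iv_guess)
    ct_a = cbc_encrypt(key, system_iv(sector_a), page_a)
    ct_b = cbc_encrypt(key, system_iv(sector_b), page_b)
    return ct_a[:BLOCK] == ct_b[:BLOCK]


if __name__ == "__main__":
    key = b"\x13" * 16       # constructed sample key; the attack is key-independent
    secret = b"\x77" * 16    # constructed stand-in for bytes read from /dev/random
    print("block-number IV, attacker guesses block number:",
          watermark_visible(key, plain_iv, plain_iv))                        # True
    print("hashed block-number IV, attacker guesses the hash:",
          watermark_visible(key, hashed_iv, hashed_iv))                      # True
    print("salted IV, attacker can only guess block number:",
          watermark_visible(key, lambda s: salted_iv(s, secret), plain_iv))  # False
```

The check the observer performs needs no key at all, which is what makes a predictable IV a weakening rather than a theoretical nicety: equal ciphertext blocks at two known offsets reveal that specific attacker-chosen content was swapped out. Hashing the block number alone does not help, since the attacker can run the same hash. What defeats the collision is an IV the attacker cannot compute in advance, which is what the extra secret bytes in the salted variant provide, as long as they never leave kernel memory and are not stored on the partition next to the data.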