Hi Folks, First, thanks for all your answers.
The proposal for using AES128-CBC with a fixed IV of all zeros is for a protocol between two entities that will be exchanging messages. This is being done in a "standards" body (OMA) and many of the attendees have very little security experience. As I mentioned, the response to my question of why would we standardize this was "that's how SD cards do it". I'll look at the references and hopefully convince enough people that it's a bad idea. Thanks again, Aram Perez --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
