On Thu, Apr 19, 2007 at 10:32:58PM -0700, Aram Perez wrote:
> Hi Folks,
>
> First, thanks for all your answers.
>
> The proposal for using AES128-CBC with a fixed IV of all zeros is for a
> protocol between two entities that will be exchanging messages. This is being
> done in a "standards" body (OMA) and many of the attendees have very little
> security experience. As I mentioned, the response to my question of why would
> we standardize this was "that's how SD cards do it".
>
> I'll look at the references and hopefully convince enough people that it's a
> bad idea.
>
You still have not described the protocol, or how keys are used/managed.
The question has no answer outside the context of a specific protocol,
other than in general it is best practice to use random IVs or otherwise
unlikely to repeat IVs.
--
Victor Duchovni
IT Security,
Morgan Stanley
---------------------------------------------------------------------
The Cryptography Mailing List
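An added illustration, not part of the thread, of why the answer depends on how keys are used: CBC with an all-zero IV under one long-lived key exposes which messages share leading blocks, while a random IV or a fresh key per message does not. The block cipher is a stand-in Feistel permutation built from HMAC-SHA256 (Python's standard library has no AES; the leak is a property of CBC mode, not of the cipher), and the messages and function names are constructed for this example.

```python
import hashlib, hmac, os

BLOCK = 16  # same block size as AES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    # Keyed round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    # Stand-in 4-round Feistel permutation (NOT AES, illustration only).
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def cbc_encrypt(key, iv, plaintext):
    # Plain CBC: C_i = E_k(P_i XOR C_{i-1}) with C_0 = IV; input is block-aligned.
    assert len(plaintext) % BLOCK == 0
    prev, out = iv, []
    for off in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, _xor(plaintext[off:off + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def shared_prefix_blocks(c1, c2):
    # Count the leading ciphertext blocks that are byte-for-byte identical.
    n = 0
    while n * BLOCK < min(len(c1), len(c2)) and c1[n*BLOCK:(n+1)*BLOCK] == c2[n*BLOCK:(n+1)*BLOCK]:
        n += 1
    return n

# Constructed sample messages: identical first two blocks, different third block.
M1 = b"HDR:v1;type=pay;" + b"to=acct-00001234" + b"amount=000010.00"
M2 = b"HDR:v1;type=pay;" + b"to=acct-00001234" + b"amount=999999.00"
ZERO_IV = bytes(BLOCK)

def demo():
    key = os.urandom(16)
    # Case 1: one key, fixed zero IV (the proposal discussed in the thread).
    fixed = shared_prefix_blocks(cbc_encrypt(key, ZERO_IV, M1), cbc_encrypt(key, ZERO_IV, M2))
    # Case 2: one key, fresh random IV per message.
    rand = shared_prefix_blocks(cbc_encrypt(key, os.urandom(BLOCK), M1),
                                cbc_encrypt(key, os.urandom(BLOCK), M2))
    # Case 3: zero IV, but a fresh key for every message.
    per_msg = shared_prefix_blocks(cbc_encrypt(os.urandom(16), ZERO_IV, M1),
                                   cbc_encrypt(os.urandom(16), ZERO_IV, M2))
    return fixed, rand, per_msg
```

`demo()` returns the number of matching leading ciphertext blocks for each case: two for the fixed-IV, shared-key case and none for the other two.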