On Wed, Apr 25, 2007 at 05:42:44PM -0500, Nicolas Williams wrote:
> A confounder is an extra block of random plaintext that is prepended to
> a message prior to encryption with a block cipher in CBC (or CTS) mode;
> the resulting extra block of ciphertext must also be sent to the peer.

Not true. Since we are comparing confounders to IVs, let's make identical assumptions: that the value is somehow agreed upon in advance. Then one need not send it; the receiver can compute C_(i-1) = E_k(confounder) without actually having it sent to him, and from there continue decryption with P_i = C_(i-1) xor D_k(C_i) and so on.

> If the
> IV is chained across contiguous messages as in SSHv2 then you have a
> problem (see above).

I don't fully understand what it means to have IVs chained across contiguous (?) messages, as in CBC mode each ciphertext block forms the "IV" of the block after it, effectively; basically an IV is just C_0 for some stream.

-- 
Kill dash nine, and it's no more CPU time, kill dash nine, and that process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email [EMAIL PROTECTED]