On Wed, Apr 25, 2007 at 10:58:01PM -0500, Travis H. wrote:
> On Wed, Apr 25, 2007 at 05:42:44PM -0500, Nicolas Williams wrote:
> > A confounder is an extra block of random plaintext that is prepended to
> > a message prior to encryption with a block cipher in CBC (or CTS) mode;
> > the resulting extra block of ciphertext must also be sent to the peer.
>
> Not true. Since we are comparing confounders to IVs, let's make identical
> assumptions; that the value is somehow agreed upon in advance.

The term "confounder" as used in Kerberos V is as I described.

> > If the
> > IV chained across contiguous messages as in SSHv2 then you have a
> > problem (see above).
>
> I don't fully understand what it means to have IVs chained across
> contiguous (?) messages, as in CBC mode each ciphertext block forms
> the "IV" of the block after it, effectively; basically an IV is just
> C_0 for some stream.

The last ciphertext block of one message is the IV for the next.

Nico
--

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
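The two points in the exchange above, chaining the last ciphertext block of one message into the next as its IV, and prepending a random confounder block that the peer decrypts and discards, can be shown side by side in code. The following is an added example, not code from the thread, Kerberos V or SSHv2. It assumes a toy four-round Feistel block cipher built from HMAC-SHA256 (keyed and invertible, but not secure; it only stands in for a real cipher so CBC runs end to end), a fixed demo key, and a constructed 16-byte plaintext. The probe function captures why a chained IV is a problem: because the next IV is public before the next plaintext is chosen, a party who can submit plaintext can make its first ciphertext block collide with an earlier one exactly when a guess at the earlier plaintext block is right; with a confounder the real data is chained from a random block nobody could predict, so the same probe learns nothing.

```python
import hashlib
import hmac
import os

BLOCK = 16
KEY = b"constructed-demo"  # constructed demo key, 16 bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, half: bytes, rnd: int) -> bytes:
    # Keyed round function from HMAC-SHA256, truncated to one half-block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # Four-round Feistel stand-in for a real block cipher (assumption: NOT secure,
    # only keyed and invertible so CBC chaining can be demonstrated).
    l, r = block[: BLOCK // 2], block[BLOCK // 2 :]
    for rnd in range(4):
        l, r = r, _xor(l, _round_fn(key, r, rnd))
    return l + r


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    # Inverse of toy_encrypt_block: undo the rounds in reverse order.
    l, r = block[: BLOCK // 2], block[BLOCK // 2 :]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round_fn(key, l, rnd)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # Plain CBC: C_i = E(P_i xor C_{i-1}) with C_0 = iv. No padding; caller aligns.
    assert len(pt) % BLOCK == 0 and len(iv) == BLOCK
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = toy_encrypt_block(key, _xor(pt[i : i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i : i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


class ChainedCbcSender:
    """SSHv2-style chaining: the last ciphertext block of one message is the IV
    of the next. With confounder=True a random plaintext block is prepended to
    every message, so an extra ciphertext block goes on the wire."""

    def __init__(self, key: bytes, iv0: bytes, confounder: bool = False):
        self.key, self.iv, self.confounder = key, iv0, confounder

    def send(self, pt: bytes) -> bytes:
        if self.confounder:
            pt = os.urandom(BLOCK) + pt
        ct = cbc_encrypt(self.key, self.iv, pt)
        self.iv = ct[-BLOCK:]  # chained forward, and visible to anyone on the wire
        return ct


def receive(key: bytes, iv: bytes, ct: bytes, confounder: bool = False):
    """Peer side: decrypt, drop the confounder block if one was used, and return
    (plaintext, next_iv) so the receiver's chain stays in step with the sender's."""
    pt = cbc_decrypt(key, iv, ct)
    return (pt[BLOCK:] if confounder else pt), ct[-BLOCK:]


def first_block_equality_probe(confounder: bool, guess_is_right: bool) -> bool:
    """A party who sees the chain and can submit plaintext checks whether an
    earlier message's first block equalled `guess`. True means the ciphertext
    leaked the answer; with a confounder this is False for any guess."""
    sender = ChainedCbcSender(KEY, os.urandom(BLOCK), confounder)
    iv_secret = sender.iv
    secret = b"transfer 100 USD"  # constructed 16-byte message
    ct_secret = sender.send(secret)
    iv_probe = sender.iv  # public: it is just the last ciphertext block
    guess = secret if guess_is_right else b"transfer 900 USD"
    probe = _xor(_xor(guess, iv_secret), iv_probe)  # cancels the known IVs
    ct_probe = sender.send(probe)
    off = BLOCK if confounder else 0  # real data sits at block 1 behind a confounder
    return ct_probe[off : off + BLOCK] == ct_secret[off : off + BLOCK]


if __name__ == "__main__":
    print("chained IV, right guess leaks:", first_block_equality_probe(False, True))
    print("chained IV, wrong guess leaks:", first_block_equality_probe(False, False))
    print("confounder, right guess leaks:", first_block_equality_probe(True, True))
```

The receiver must know whether a confounder is in use, since it silently discards the first decrypted block; the cost is one extra block per message, which is the trade-off the thread is weighing against agreeing an IV in advance.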