On Wed, May 09, 2007 at 06:04:20PM -0400, Leichter, Jerry wrote:
> However, cryptographically secure RNG's are typically just as expensive
> as doing a block encryption.  So why not just encrypt the IV once with
> the session key before using it?  (This is the equivalent of pre-pending
> a block of all 0's to each packet.)

There are many ways to deal with it if you're willing to do more crypts
per block.  For example, you could derive an independent key and use
that to encrypt a counter for IVs... becoming a cryptographically
strong permutation... that'd work as long as you didn't send so many
IVs that you ran through most of the cycle (the last value in the
cycle is 100% predictable).

-- 
Kill dash nine, and its no more CPU time, kill dash nine, and that
process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email [EMAIL PROTECTED]
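The scheme sketched in the reply above (an independent IV key, IVs produced by encrypting a counter, and a budget that stops well short of the permutation's full cycle), worked through in Go as an added example. This is not code from the original thread; the HMAC-SHA256 label used as the key-derivation step and the tiny counter budget in main() are illustrative choices, not values from the discussion.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrIVSpaceExhausted is returned once the generator has handed out its
// configured budget of IVs. Stopping far short of the full 2^128 cycle is
// the point of the budget: each output of a permutation is one value the
// remaining outputs can no longer take (the last one is fully determined),
// and beyond roughly 2^64 outputs the absence of repeats alone distinguishes
// the sequence from random.
var ErrIVSpaceExhausted = errors.New("iv generator: counter budget exhausted, rekey")

// DeriveIVKey derives a key for IV generation that is independent of the
// session key used for the bulk encryption. HMAC-SHA256 over a fixed label
// is used here as a simple, standard derivation step; the label string is an
// illustrative choice (assumption), not something from the original thread.
func DeriveIVKey(sessionKey []byte) []byte {
	mac := hmac.New(sha256.New, sessionKey)
	mac.Write([]byte("iv-generation-key"))
	return mac.Sum(nil)[:16] // AES-128 key for the IV permutation
}

// IVGenerator produces IVs as E_Kiv(counter): a strong permutation applied
// to a never-repeating input, so the IVs themselves never repeat either.
type IVGenerator struct {
	block   cipher.Block
	counter uint64
	limit   uint64
}

// NewIVGenerator builds a generator from a session key. limit is how many IVs
// may be produced before the caller must rekey.
func NewIVGenerator(sessionKey []byte, limit uint64) (*IVGenerator, error) {
	block, err := aes.NewCipher(DeriveIVKey(sessionKey))
	if err != nil {
		return nil, err
	}
	return &IVGenerator{block: block, limit: limit}, nil
}

// Next returns the next IV, or ErrIVSpaceExhausted once the budget is spent.
func (g *IVGenerator) Next() ([]byte, error) {
	if g.counter >= g.limit {
		return nil, ErrIVSpaceExhausted
	}
	var in [aes.BlockSize]byte
	binary.BigEndian.PutUint64(in[8:], g.counter) // upper 8 bytes stay zero
	out := make([]byte, aes.BlockSize)
	g.block.Encrypt(out, in[:])
	g.counter++
	return out, nil
}

// AllDistinct reports whether every IV in the slice is unique. With a
// permutation applied to distinct counter values this must always hold.
func AllDistinct(ivs [][]byte) bool {
	seen := make(map[string]bool, len(ivs))
	for _, iv := range ivs {
		k := string(iv)
		if seen[k] {
			return false
		}
		seen[k] = true
	}
	return true
}

func main() {
	// Constructed sample session key (16 bytes); in practice it comes from
	// the key exchange. The budget of 4 is deliberately tiny to show the cutoff.
	sessionKey := []byte("0123456789abcdef")
	gen, err := NewIVGenerator(sessionKey, 4)
	if err != nil {
		panic(err)
	}
	for i := 0; ; i++ {
		iv, err := gen.Next()
		if err != nil {
			fmt.Println("after", i, "IVs:", err)
			break
		}
		fmt.Printf("IV[%d] = %s\n", i, hex.EncodeToString(iv))
	}
}
```

The cost is exactly one extra block encryption per IV, which matches the "more crypts per block" trade-off the reply describes; a real implementation would pick the limit from the cipher's block size and the protocol's rekeying schedule rather than the demonstration value used here.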
