>
> Ok, instead of starting off the Document-header with the crypto key itself,
> let's start it with the SHA1 hash of the crypto key, so Document-header
> looks like:
>
> <2 bytes, byte length of crypto key hash, i.e. 0x0014>

Just use one byte; a hash has no real business producing more than 2048
bits of output.

> <20 bytes crypto key hash>
> <2 bytes, byte length of data length field>
> <big endian data length>
> <2 bytes, byte length of metadata length field>
> <big endian metadata length>
>
> Now if my limited understanding of crypto is correct, arranging it so
> the plaintext to be encrypted begins with the hash of the crypto key
> is just as good as initializing the IV with some hash function of
> the crypto key, so we can leave the IV initialized to all zeroes,
> right?

Yes, that should be safe; that would give the IV 120 bits of randomness.

Scott
_______________________________________________
Devl mailing list
http://lists.freenetproject.org/mailman/listinfo/devl
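
An added example, not part of the original thread or of Freenet's code: a builder and strict parser for the Document-header layout quoted above, using the proposal's 2-byte size prefixes. The function names, the 8-byte cap on length fields and the check of the key hash on parse are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SHA1_LEN = 20          # 0x0014, as in the quoted layout
MAX_LEN_FIELD = 8      # assumption: length values fit in 64 bits

def _encode_len(value: int) -> bytes:
    """<2-byte field size><big-endian value>, using the shortest encoding."""
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return struct.pack(">H", len(raw)) + raw

def build_header(key: bytes, data_len: int, meta_len: int) -> bytes:
    digest = hashlib.sha1(key).digest()
    return (struct.pack(">H", len(digest)) + digest
            + _encode_len(data_len) + _encode_len(meta_len))

def _read_field(buf: bytes, pos: int, max_size: int):
    """Read one <2-byte size><payload> field, rejecting bad or truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated size prefix")
    (size,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    if size == 0 or size > max_size:
        raise ValueError(f"field size {size} out of range")
    if pos + size > len(buf):
        raise ValueError("truncated field")
    return buf[pos:pos + size], pos + size

def parse_header(buf: bytes, key: bytes):
    """Return (data_len, meta_len, header_size) from a decrypted header."""
    key_hash, pos = _read_field(buf, 0, SHA1_LEN)
    expected = hashlib.sha1(key).digest()
    if not hmac.compare_digest(key_hash, expected):
        raise ValueError("key hash mismatch (wrong key or corrupt data)")
    data_raw, pos = _read_field(buf, pos, MAX_LEN_FIELD)
    meta_raw, pos = _read_field(buf, pos, MAX_LEN_FIELD)
    return int.from_bytes(data_raw, "big"), int.from_bytes(meta_raw, "big"), pos

if __name__ == "__main__":
    key = b"constructed example key"   # constructed sample input
    hdr = build_header(key, 70000, 300)
    print(hdr.hex(), parse_header(hdr + b"payload...", key))
```
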