Richard Levitte - VMS Whacker wrote:
Whatever, I used the terms like this:
- IV is a bitstring of some sort (possibly random), of the same size
as the crypto algorithm block. In the AES case, it would be 128
bits.
- For CTR mode, the counter is a part of the IV. The rest of the IV
is some kind of random bits (a nonce).
Those are the conditions I'm working from. Makes sense?
Completely. If we have confidence in the cipher and the secrecy
of the key, make the "nonce" all zeroes. There's good reason for not
doing this in the case of IPsec, but not for SSL/TLS.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]