> From: Edward Ned Harvey
>
> I can't think of anything wrong with using the block number as the
> IV, and then use ECB.

Oh yeah. I can think of something wrong with that. If an attacker knows the block number, and they have some intelligent guess about the plaintext, then they might be able to confirm their guess easily. This will certainly happen rather frequently in files that have large sequences of zeros, or other predictable patterns.

If you want to be able to do random access... Take it as given you have some plaintext, and you have a key, and you know your context (you know what block number you're working on.) An attacker will also know what block number you're working on. The only things the attacker doesn't know are your key and your plaintext.

There is only one solution. You must use a second key. Use your first key to encrypt the second key (so an attacker can hopefully never know either one of your keys.) Use your second key combined with the block number (I suggest encrypting or hashing the block number using the second key, but simple AND or XOR should also be fine) and use the resultant data as the IV for your actual encryption operation.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
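
An added example, not part of the original message: it compares the block number used directly as the IV with an IV made by hashing the block number under a second key. It assumes CBC as the mode that consumes the IV and HMAC-SHA256 as the keyed hash; all names, the sample blocks and the key are constructed for illustration, and wrapping the second key under the first key is not shown.

```python
import hashlib
import hmac

BLOCK = 16  # cipher block size in bytes (AES)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def counter_iv(block_no: int) -> bytes:
    """Predictable IV: the block number itself, known to any observer."""
    return block_no.to_bytes(BLOCK, "big")

def keyed_iv(iv_key: bytes, block_no: int) -> bytes:
    """IV = HMAC-SHA256(second key, block number), cut to one cipher block."""
    mac = hmac.new(iv_key, block_no.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:BLOCK]

def first_cbc_input(iv: bytes, plaintext: bytes) -> bytes:
    """CBC feeds P1 XOR IV to the block cipher for the first block."""
    return xor(plaintext[:BLOCK], iv)

def same_first_ciphertext(iv_fn, blocks: dict) -> bool:
    """True if every block gives the cipher the same first input, which
    means identical first ciphertext blocks under any data key."""
    inputs = {first_cbc_input(iv_fn(n), p) for n, p in blocks.items()}
    return len(inputs) == 1

# Constructed sample data: two disk blocks whose first 16 bytes differ only
# by their block numbers (e.g. a format that embeds a record index).
PATTERN = b"RECORD-HEADER-01"
BLOCKS = {n: xor(PATTERN, counter_iv(n)) + bytes(48) for n in (5, 9)}

# Constructed second key; in practice random and stored encrypted under
# the first key (assumption: that wrapping step happens elsewhere).
IV_KEY = bytes(range(32))

if __name__ == "__main__":
    print("counter IV collides:", same_first_ciphertext(counter_iv, BLOCKS))
    print("keyed IV collides:  ",
          same_first_ciphertext(lambda n: keyed_iv(IV_KEY, n), BLOCKS))
```

With the counter IV the two blocks produce the same cipher input, so their first ciphertext blocks match whatever the data key is; with the keyed IV an observer without the second key cannot predict or arrange that relation.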