On 17 June 2013 13:25, Matt Caswell <fr...@baggins.org> wrote:
>>
>> Take a random IV, and use it.
>> Encrypt a message, and save the last cipher-text block (let it be C).
>> Re-call EncryptInit using C as IV.
>>
>
> IVs must be random and not predictable in advance. Using the last
> block of a previous message as the IV for a subsequent message gives a
> predictable IV. Predictable IVs are insecure against a certain class
> of attacks (CPA attacks), e.g. the well-known BEAST attack did exactly
> that.
>
As a further thought on this, you may wish to consider using CTR mode
instead, which does not have the predictable-IV restriction. Your other
alternative is to send an IV with every message.

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
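The three options discussed in the thread (chaining the previous message's last ciphertext block as the next IV, sending a fresh random IV with every message, and CTR mode) side by side, as an added example that is not part of the mailing-list post and not OpenSSL code. To stay dependency-free it uses a constructed stand-in block cipher (a small HMAC-SHA256 Feistel network) in place of the EVP cipher; the key, messages and helper names are all made up for the illustration. The point it makes runnable is the one Matt raises: with the chained IV, the same plaintext sent after the same prior ciphertext encrypts to the same bytes, so an observer learns when messages repeat, whereas a per-message random IV (prepended so the receiver can use it) or CTR with a random nonce does not.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes, matching a 128-bit block cipher


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 16-byte block cipher (constructed for this example, NOT a real
    cipher): a 4-round Feistel network with HMAC-SHA256 as round function."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:8]
        l, r = r, _xor(l, f)
    return l + r


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        f = hmac.new(key, bytes([i]) + l, hashlib.sha256).digest()[:8]
        l, r = _xor(r, f), l
    return l + r


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Raw CBC: each block is XORed with the previous ciphertext block (the IV
    for the first block) before the block cipher is applied."""
    padded = pkcs7_pad(plaintext)
    out, prev = bytearray(), iv
    for i in range(0, len(padded), BLOCK):
        prev = toy_block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += _xor(toy_block_decrypt(key, blk), prev)
        prev = blk
    return pkcs7_unpad(bytes(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR mode: encrypt nonce||counter to get keystream, XOR it with the data.
    The same call encrypts and decrypts; the nonce only has to be unique."""
    assert len(nonce) == 8
    out = bytearray()
    for ctr, i in enumerate(range(0, len(data), BLOCK)):
        keystream = toy_block_encrypt(key, nonce + ctr.to_bytes(8, "big"))
        out += _xor(data[i:i + BLOCK], keystream)
    return bytes(out)


# --- the three message-level schemes from the thread -----------------------

def seal_cbc_chained(key: bytes, prev_ct: bytes, plaintext: bytes) -> bytes:
    """The pattern the original poster described: the last ciphertext block of
    the previous message becomes the next IV. Anyone who saw prev_ct knows it."""
    return cbc_encrypt(key, prev_ct[-BLOCK:], plaintext)


def seal_cbc(key: bytes, plaintext: bytes) -> bytes:
    """Fresh random IV per message, sent along with (prepended to) the ciphertext."""
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, plaintext)


def open_cbc(key: bytes, blob: bytes) -> bytes:
    return cbc_decrypt(key, blob[:BLOCK], blob[BLOCK:])


def seal_ctr(key: bytes, plaintext: bytes) -> bytes:
    """CTR with a random 8-byte nonce prepended; no predictable-IV concern."""
    nonce = os.urandom(8)
    return nonce + ctr_crypt(key, nonce, plaintext)


def open_ctr(key: bytes, blob: bytes) -> bytes:
    return ctr_crypt(key, blob[:8], blob[8:])


def chained_is_deterministic(key: bytes, prev_ct: bytes, msg: bytes) -> bool:
    """True: sending msg twice after the same prior ciphertext gives identical
    output, so repeats are visible to an observer (the CPA weakness)."""
    return seal_cbc_chained(key, prev_ct, msg) == seal_cbc_chained(key, prev_ct, msg)


def random_iv_is_randomized(key: bytes, msg: bytes) -> bool:
    """True: with a fresh IV each time, equal plaintexts give different ciphertexts."""
    return seal_cbc(key, msg) != seal_cbc(key, msg)


if __name__ == "__main__":
    KEY = b"constructed-demo-key-not-secret!"  # constructed sample key
    first = seal_cbc(KEY, b"first message")
    print("chained IV deterministic:", chained_is_deterministic(KEY, first, b"repeat"))
    print("random IV randomized:   ", random_iv_is_randomized(KEY, b"repeat"))
    print("CTR round trip:", open_ctr(KEY, seal_ctr(KEY, b"hello")))
```

Both `seal_cbc` and `seal_ctr` already pay the cost Matt mentions of "sending an IV with every message" (16 or 8 bytes of overhead); that overhead is what buys unpredictability. Neither scheme authenticates the ciphertext, which is a separate requirement not covered by the thread.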