On 22/02/2013 05:44 p.m., Ileana wrote:
> On Fri, 22 Feb 2013 14:47:14 -0300
> Sergio Lerner <sergioler...@certimix.com> wrote:
>
>> BUFFER1[0]=IVK1
>> BUFFER1[i] =Hash(BUFFER1[i-1])
>>
>> BUFFER2[0]=IVK2
>> BUFFER2[i] =Hash(BUFFER2[i-1])
>>
>> Encryption: C = AES(EK,BUFFER1[i] XOR BUFFER2[i]) XOR P
>
> And also the security of the hash concatenation in this case provides
> no greater security/entropy than the highest hash... in particular
> the xor in this case reduces effective randomness of the hash, by
> creating a separate function f(i) = hash(yi) xor hash(zi), where y
> and z are dependent values... so why two hash buffers? The value of xor
> of two non-random data values further decreases the entropy?
>
The idea of two buffers has nothing to do with security but with forward secrecy. Even if the attacker knows:

BUFFER1[i] (the last computed state)
BUFFER2[i]
EK
i
C[0] .. C[i-1] (all past communications)
P[i-1] (the last plaintext block sent)

he cannot know P[i-2], because this means deriving BUFFER1[i-1] from (BUFFER1[i-1] XOR BUFFER2[i-1]), which is infeasible under the assumption that BUFFER1 and BUFFER2 are independent random variables.

_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
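The construction under discussion, as an added example that is not part of the thread and not Sergio's or OTR's code: two hash chains stepped forward by hashing, their XOR fed through a keyed function to produce a per-block keystream, and a "compromised state" routine that shows what an attacker holding (BUFFER1[i], BUFFER2[i], i, EK) can read. Assumptions: SHA-256 stands in for Hash(), HMAC-SHA256 keyed with EK stands in for AES(EK, ·) so the block runs on the standard library alone, and the keys and plaintext are constructed sample values.

```python
# Added example (not code from the thread): the two-hash-chain keystream
# construction quoted above, with the forward-secrecy argument made concrete.
# ASSUMPTION: AES(EK, x) is replaced by HMAC-SHA256 keyed with EK so this runs
# on the standard library alone; the chain/XOR structure is as in the thread.
import hashlib
import hmac

BLOCK = 32  # bytes: SHA-256 output length, used as the block size here


def H(x: bytes) -> bytes:
    """The Hash() of the thread; SHA-256 stands in (assumption)."""
    return hashlib.sha256(x).digest()


def prf(ek: bytes, x: bytes) -> bytes:
    """Stand-in for AES(EK, x): a keyed PRF over the 32-byte chain value."""
    return hmac.new(ek, x, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Ratchet:
    """Holds (BUFFER1[i], BUFFER2[i]) and steps them forward by hashing."""

    def __init__(self, ivk1: bytes, ivk2: bytes, ek: bytes, i: int = 0):
        self.b1, self.b2, self.ek, self.i = ivk1, ivk2, ek, i

    def keystream(self) -> bytes:
        # AES(EK, BUFFER1[i] XOR BUFFER2[i]) from the thread, with the stand-in PRF
        return prf(self.ek, xor(self.b1, self.b2))

    def advance(self) -> None:
        # BUFFER[i] = Hash(BUFFER[i-1]): only the forward direction is computable
        self.b1, self.b2 = H(self.b1), H(self.b2)
        self.i += 1

    def process(self, block: bytes) -> bytes:
        """XOR a block with the current keystream and ratchet; encrypt == decrypt."""
        if len(block) != BLOCK:
            raise ValueError("block must be exactly BLOCK bytes")
        out = xor(self.keystream(), block)
        self.advance()
        return out

    def state(self) -> tuple:
        return (self.b1, self.b2, self.i)


def encrypt_blocks(ivk1: bytes, ivk2: bytes, ek: bytes, blocks: list) -> list:
    r = Ratchet(ivk1, ivk2, ek)
    return [r.process(b) for b in blocks]


def decrypt_blocks(ivk1: bytes, ivk2: bytes, ek: bytes, ciphertexts: list) -> list:
    r = Ratchet(ivk1, ivk2, ek)
    return [r.process(c) for c in ciphertexts]


def decrypt_from_compromised_state(b1_i: bytes, b2_i: bytes, i: int,
                                   ek: bytes, ciphertexts: list) -> list:
    """What an attacker holding (BUFFER1[i], BUFFER2[i], i, EK) can do.

    The chain runs forward, so C[i], C[i+1], ... fall immediately. C[0..i-1]
    are not covered: the state holds no BUFFER1[i-1], and recovering it would
    mean inverting Hash(), which is the one-wayness the thread relies on.
    """
    r = Ratchet(b1_i, b2_i, ek, i)
    return [r.process(c) for c in ciphertexts[i:]]


# Constructed sample keys and plaintext (not real key material)
IVK1 = H(b"constructed IVK1")
IVK2 = H(b"constructed IVK2")
EK = H(b"constructed EK")
PLAIN = [bytes([65 + k]) * BLOCK for k in range(4)]  # "AAAA...", "BBBB...", ...


def demo() -> tuple:
    """Encrypt four blocks, then model a state compromise at i = 2."""
    cts = encrypt_blocks(IVK1, IVK2, EK, PLAIN)
    r = Ratchet(IVK1, IVK2, EK)
    r.advance()
    r.advance()
    b1, b2, i = r.state()
    later = decrypt_from_compromised_state(b1, b2, i, EK, cts)
    return cts, later


if __name__ == "__main__":
    cts, later = demo()
    print("blocks readable from the state compromised at i=2:", len(later))
```

The point the demo makes visible is the asymmetry of a hash chain: the compromised state yields every block from i onward with nothing more than repeated hashing, while the blocks before i depend on chain values the state does not contain. That is the forward-secrecy property claimed in the thread, and also the reason such a state must be protected in the forward direction (rotate or re-key, since compromise exposes all future traffic until the chain is re-seeded).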