Bill Sommerfeld wrote:
> On Wed, 2008-01-16 at 11:56 +0000, Darren J Moffat wrote:
>> wrappedkey=<private binary format>
>>
>> Actual key (length determined by encryption property)
>> wrapped using AES_CBC_PAD using pool guid as the IV.
>
> this looks like poor crypto hygiene.
>
> this seems to imply multiple wrappedkeys (different dataset, same pool)
> will be encrypted using the same IV. the point of an IV is that it is
> different for every encryption -- if I repeatedly encrypt the same
> message over and over, an attacker can't tell I'm sending the same
> message because the IV is always changing and thus the ciphertext will
> on average have at least half of its bits different from any other
> message of the same size.

Sorry, that is a typo; I meant the dataset guid as the IV, not the pool guid - for exactly that reason.

--
Darren J Moffat
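
The IV-reuse point raised in this thread, as an added example that is not part of the original messages or of the ZFS code. The block cipher is a stand-in Feistel construction rather than AES (the property shown belongs to CBC mode, not to the cipher); the guid values, keys, the zero-extension of a guid to a 16-byte IV and all function names are assumptions constructed for illustration.

```python
# Added illustration; not code from the ZFS crypto project.
import hashlib
import hmac

BLOCK = 16  # bytes, the same block size as AES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (4-round Feistel over HMAC-SHA256); NOT AES."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_pad_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC with PKCS#7 padding, the mode the thread calls AES_CBC_PAD."""
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, b""
    for off in range(0, len(data), BLOCK):
        prev = encrypt_block(key, xor(data[off:off + BLOCK], prev))
        out += prev
    return out

def guid_iv(guid: int) -> bytes:
    # Assumption: the 64-bit guid is zero-extended to one cipher block.
    return guid.to_bytes(BLOCK, "big")

def wrap_all(wrapping_key, datasets, iv_for):
    """Wrap each dataset's key; iv_for(pool_guid, dataset_guid) picks the IV."""
    return {name: cbc_pad_encrypt(wrapping_key, iv_for(pool, ds), key)
            for name, (pool, ds, key) in datasets.items()}

# Constructed sample data: one pool, two datasets holding the same key bytes.
POOL = 0x1122334455667788
SAME_KEY = bytes(range(32))
DATASETS = {"tank/a": (POOL, 0xA1, SAME_KEY), "tank/b": (POOL, 0xB2, SAME_KEY)}
WRAPPING_KEY = b"constructed wrapping key"

# Pool guid as IV: every dataset in the pool shares one IV.
pool_iv = wrap_all(WRAPPING_KEY, DATASETS, lambda pool, ds: guid_iv(pool))
# Dataset guid as IV: each wrapped key gets its own IV.
dataset_iv = wrap_all(WRAPPING_KEY, DATASETS, lambda pool, ds: guid_iv(ds))

print("pool guid IV, blobs equal:   ", pool_iv["tank/a"] == pool_iv["tank/b"])
print("dataset guid IV, blobs equal:", dataset_iv["tank/a"] == dataset_iv["tank/b"])
```

With the shared IV the two wrapped blobs are byte-identical, so anyone who can read them learns that both datasets hold the same key without decrypting anything.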