Bill Sommerfeld wrote:
> On Thu, 2008-01-17 at 10:06 +0000, Darren J Moffat wrote:
>> Sorry that is a typo I meant the dataset guid as the IV not the pool
>> guid - for exactly that reason.
>
> That still sounds like you'll be doing IV reuse when you rekey (I
> realize rekey isn't all there yet).

Good point. Rekey for phase 1 is basically unwrap and rewrap with the new key, so you are correct that the same IV would be getting used with the same cleartext and a different key.

> Would it be too difficult to add a key version number or equivalent?

I think that would be easy enough to add in as part of the IV.

--
Darren J Moffat