Date: Thu, 04 May 2000 08:28:52 +0200 From: Mark Murray <mark@grondar.za> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: "Andrew J. Korty" <ajk@iu.edu>, security@FreeBSD.ORG Subject: Re: Cryptographic dump(8) Message-ID: <200005040628.IAA05648@grimreaper.grondar.za> In-Reply-To: <200005031718.KAA63329@apollo.backplane.com> ; from Matthew Dillon <dillon@apollo.backplane.com> "Wed, 03 May 2000 10:18:40 MST." References: <200005031718.KAA63329@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Store something like this in the header: [ Good stuff snipped. ] > Storing a random sequence in the header that is MD5'd as well as > encrypted is very important because otherwise someone trying to break > the encryption can 'guess' at what the contents of the header was in > order to try to reverse-engineer the encryption. Yes! It is _very_ important that the random number is cryptographically secure, ant that it is first, so as to maximise the security of the block cipher. It is also important to use one of the "feedback" modes, to spread the entropy over the whole block, seeing that this block is of paramount importance. > Also, putting a random number in each block is important if each block > is separately encrypted, for the same reason. Correct. > Using /dev/random to obtain your random numbers is considered to be > acceptable. "Vital". M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005040628.IAA05648>