From owner-freebsd-security Wed May 3 23:29:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138])
    by hub.freebsd.org (Postfix) with ESMTP id 4A0BA37BEBA
    for ; Wed, 3 May 2000 23:29:03 -0700 (PDT)
    (envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1])
    by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA05648;
    Thu, 4 May 2000 08:28:52 +0200 (SAST)
    (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200005040628.IAA05648@grimreaper.grondar.za>
To: Matthew Dillon
Cc: "Andrew J. Korty" , security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
References: <200005031718.KAA63329@apollo.backplane.com>
In-Reply-To: <200005031718.KAA63329@apollo.backplane.com> ; from Matthew Dillon "Wed, 03 May 2000 10:18:40 MST."
Date: Thu, 04 May 2000 08:28:52 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Store something like this in the header:

[ Good stuff snipped. ]

> Storing a random sequence in the header that is MD5'd as well as
> encrypted is very important because otherwise someone trying to break
> the encryption can 'guess' at what the contents of the header was in
> order to try to reverse-engineer the encryption.

Yes! It is _very_ important that the random number is cryptographically
secure, and that it is first, so as to maximise the security of the block
cipher. It is also important to use one of the "feedback" modes, to spread
the entropy over the whole block, seeing that this block is of paramount
importance.

> Also, putting a random number in each block is important if each block
> is separately encrypted, for the same reason.

Correct.

> Using /dev/random to obtain your random numbers is considered to be
> acceptable.

"Vital".

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
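
Added example, not part of the original message or of dump(8): a sketch of the header scheme discussed in this thread, with a random block placed first, an MD5 over random block plus header, and a chained ("feedback") mode, compared against encrypting a guessable header block by block. The header layout, the function names, the zero initial chaining value and the toy Feistel cipher (a stand-in for a real block cipher, not for production use) are all assumptions.

```python
import hashlib, hmac, os

BLOCK = 16
HEADER = b"dump level=0 fs=/usr".ljust(32)  # constructed, guessable header

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rnd(key, i, half):  # Feistel round function
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def encrypt_block(key, blk):
    # Toy 4-round Feistel cipher, a stand-in for a real block cipher.
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, rnd(key, i, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, rnd(key, i, l)), l
    return l + r

def ecb_encrypt(key, data):
    # No random block, no feedback: equal plaintext gives equal ciphertext.
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def seal_header(key, header):
    # Random block (kernel random device) first, then header, then MD5 of both.
    body = os.urandom(BLOCK) + header
    plain = body + hashlib.md5(body).digest()
    prev, out = bytes(BLOCK), b""
    for i in range(0, len(plain), BLOCK):  # CBC-style chaining
        prev = encrypt_block(key, xor(plain[i:i + BLOCK], prev))
        out += prev
    return out

def open_header(key, sealed):
    prev, plain = bytes(BLOCK), b""
    for i in range(0, len(sealed), BLOCK):
        blk = sealed[i:i + BLOCK]
        plain += xor(decrypt_block(key, blk), prev)
        prev = blk
    body, digest = plain[:-16], plain[-16:]
    if not hmac.compare_digest(hashlib.md5(body).digest(), digest):
        raise ValueError("wrong key or damaged header")
    return body[BLOCK:]
```

Because the random block comes first and every later block is chained to it, two dumps with the same header and key share no ciphertext block, while the block-by-block version repeats exactly.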