Date: Thu, 4 May 2000 13:20:12 -0500 (EST)
From: "Andrew J. Korty"
To: Mark Murray
Cc: Matthew Dillon, security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
In-Reply-To: <200005040628.IAA05648@grimreaper.grondar.za>

> > Store something like this in the header:
>
> [ Good stuff snipped. ]
>
> > Storing a random sequence in the header that is MD5'd as well as
> > encrypted is very important because otherwise someone trying to break
> > the encryption can 'guess' at what the contents of the header was in
> > order to try to reverse-engineer the encryption.
>
> Yes! It is _very_ important that the random number is cryptographically
> secure, and that it is first, so as to maximise the security of the block
> cipher. It is also important to use one of the "feedback" modes, to spread
> the entropy over the whole block, seeing that this block is of paramount
> importance.

I was under the impression that the CBC mode would also propagate this
entry throughout the block. Must I use one of the feedback modes?

--
Andrew J. Korty, Lead Security Engineer
Office of the Vice President for Information Technology
Indiana University
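
The chaining behaviour asked about above, as an added example that is not part of the original message or of dump(8): the same guessable header is encrypted behind two different leading random blocks, once without chaining (ECB) and once with CBC, and the differing ciphertext blocks are counted. XTEA, the key, the all-zero IV, the header bytes and both "random" blocks are assumptions chosen for illustration; the thread does not name a cipher.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NBLOCKS 4   /* 1 random block + 3 header blocks, 64 bits each */

/* XTEA block cipher: 64-bit block, 128-bit key, 32 rounds (stand-in cipher). */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0, delta = 0x9E3779B9;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Encrypt NBLOCKS blocks in place; cbc != 0 XORs each ciphertext block into
 * the next plaintext block before encrypting it. */
static void encrypt_blocks(uint32_t b[NBLOCKS][2], const uint32_t k[4], int cbc)
{
    uint32_t prev[2] = {0, 0};          /* fixed all-zero IV (constructed) */
    for (int i = 0; i < NBLOCKS; i++) {
        if (cbc) { b[i][0] ^= prev[0]; b[i][1] ^= prev[1]; }
        xtea_encrypt(b[i], k);
        memcpy(prev, b[i], sizeof prev);
    }
}

/* Same header behind two different leading blocks: how many ciphertext
 * blocks differ between the two encryptions? */
int differing_blocks(int cbc)
{
    static const uint32_t key[4] = {0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210};
    static const uint32_t header[NBLOCKS - 1][2] = {   /* guessable, constructed */
        {0x64756d70, 0x20686472}, {0x00000001, 0x00000000}, {0x2f757372, 0x00000000}};
    uint32_t a[NBLOCKS][2] = {{0x1f3a9c55, 0xe07b2d41}};  /* random block A (constructed) */
    uint32_t b[NBLOCKS][2] = {{0x8c41d2e7, 0x35a9f06b}};  /* random block B (constructed) */
    int diff = 0;
    memcpy(&a[1], header, sizeof header);
    memcpy(&b[1], header, sizeof header);
    encrypt_blocks(a, key, cbc);
    encrypt_blocks(b, key, cbc);
    for (int i = 0; i < NBLOCKS; i++)
        diff += memcmp(a[i], b[i], sizeof a[i]) != 0;
    return diff;
}

int main(void)
{
    printf("ECB: %d, CBC: %d of %d blocks differ\n", differing_blocks(0), differing_blocks(1), NBLOCKS);
    return 0;
}
```

Because the block cipher is a permutation, a difference in one CBC ciphertext block always produces a different input, and so a different output, for the next block; without chaining only the first block changes.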