Date: Thu, 3 Mar 2005 16:41:50 -0500
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: cryptography@metzdowd.com
Subject: Re: FUD about CGD and GBDE
Message-ID: <20050303214150.GA28836@panix.com>
In-Reply-To: <11285.1109884555@critter.freebsd.dk>
References: <87y8d4ih9b.fsf@snark.piermont.com> <11285.1109884555@critter.freebsd.dk>
On Thu, Mar 03, 2005 at 10:15:55PM +0100, Poul-Henning Kamp wrote:
>
> And if CGD is _so_ officially approved as you say, then I can not
> for the life of me understand how it can use the same key to generate
> the IV and perform the encryption. At the very least two different
> keys should have been used at the "expense" of making the masterkey
> 512 bits instead of 256.

Why "should" two different keys have been used? It is possible that I
misunderstand the underlying theory, but so far as I do understand it
the only real requirement for IVs is that the Hamming distance between
any two used with the same encryption key be large.

Are you concerned about a key recovery attack? If so, can you give an
outline of how it would work?

-- 
Thor Lancelot Simon                                        tls@rek.tjls.com

"The inconsistency is startling, though admittedly, if consistency is to be
abandoned or transcended, there is no problem." - Noam Chomsky
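Added example, not code from this thread or from NetBSD's cgd: a Go model of the construction the two messages argue about, a per-sector CBC IV obtained by encrypting the sector number with the data cipher itself, with the two-key variant available by passing an independently keyed cipher. The zero-padding and byte order, the constructed key, and the function names are assumptions for illustration; hammingDistance measures the property the reply names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// sectorIV derives the CBC IV for sector n by encrypting the sector number
// (little-endian, zero-padded to one block) with ivCipher. Passing the data
// cipher models the single-key scheme debated above; a cipher keyed
// independently models the two-key variant. Layout is an assumption.
func sectorIV(ivCipher cipher.Block, n uint64) []byte {
	var in [aes.BlockSize]byte
	binary.LittleEndian.PutUint64(in[:8], n)
	iv := make([]byte, aes.BlockSize)
	ivCipher.Encrypt(iv, in[:])
	return iv
}

// encryptSector CBC-encrypts one sector (length a multiple of 16) with data,
// using the IV derived for sector n from ivCipher.
func encryptSector(data, ivCipher cipher.Block, n uint64, plain []byte) []byte {
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(data, sectorIV(ivCipher, n)).CryptBlocks(out, plain)
	return out
}

// hammingDistance counts the bits that differ between two equal-length strings.
func hammingDistance(a, b []byte) int {
	d := 0
	for i := range a {
		d += bits.OnesCount8(a[i] ^ b[i])
	}
	return d
}

func main() {
	data, _ := aes.NewCipher([]byte("0123456789abcdef0123456789abcdef")) // constructed 256-bit key
	zeros := make([]byte, 512) // two identical all-zero sectors
	c0 := encryptSector(data, data, 0, zeros)
	c1 := encryptSector(data, data, 1, zeros)
	fmt.Println("sector 0 and 1 ciphertexts equal:", bytes.Equal(c0, c1))
	fmt.Println("Hamming distance between their IVs:", hammingDistance(sectorIV(data, 0), sectorIV(data, 1)))
}
```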
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050303214150.GA28836>