From owner-freebsd-hackers@FreeBSD.ORG Thu Mar 3 21:51:15 2005
Date: Thu, 3 Mar 2005 16:51:14 -0500
From: Thor Lancelot Simon
To: tech-security@netbsd.org, hackers@freebsd.org, cryptography@metzdowd.com
Subject: Re: FUD about CGD and GBDE
Message-ID: <20050303215114.GA18604@panix.com>
In-Reply-To: <11487.1109886334@critter.freebsd.dk>
References: <11487.1109886334@critter.freebsd.dk>
Reply-To: tls@rek.tjls.com
User-Agent: Mutt/1.4.2.1i
X-Mailman-Approved-At: Fri, 04 Mar 2005 16:36:07 +0000
List-Id: Technical Discussions relating to FreeBSD

On Thu, Mar 03, 2005 at 10:45:34PM +0100, Poul-Henning Kamp wrote:
>
> Since the attacker knows the block number the IV generation doesn't
> add strength.
>
> In fact it exposes any weakness in the algorithm even more because it
> offers two-way leverage on the algorithm.
>
> It also adds a very efficient hit-detector for a brute force attack.
>
> It would have been much better to use a different key to generate the IV.
>
> And did he salt the block number at all?  I don't think so...

I think there's a misunderstanding here.  Why do you think secrecy
(unpredictability?) is an important property of an IV for a block cipher
used in CBC mode?  It's not an encryption key, it's an IV.  It just has
to have a large Hamming difference from any _other_ IV used with the same
cipher key.

-- 
Thor Lancelot Simon                                        tls@rek.tjls.com

  "The inconsistency is startling, though admittedly, if consistency is to
   be abandoned or transcended, there is no problem."  - Noam Chomsky
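The two IV properties argued over above, as an added example that is not part of the original thread and is not CGD or GBDE code. It CBC-encrypts constructed 512-byte sectors under a constructed key with two IV schemes: a plain sector-number IV that anyone who knows the block number can compute, and an IV made by encrypting the sector number under a second key derived from the data key (the ESSIV construction, standing in here for "a different key to generate the IV"). sameDataHidden checks the property Thor names: distinct IVs per sector are enough to make identical sectors encrypt differently, secret or not. guessConfirmed models the chosen-plaintext angle behind the "hit-detector" remark, assuming an attacker who can write chosen data into one sector (for instance through an unprivileged file on the same volume) and read the raw ciphertext of both sectors; with a computable IV the attacker cancels it and confirms a guess at another sector's first block with one write, and with a keyed IV the same test fails. The sector numbers, keys and sector contents are all made up for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const blockSize = aes.BlockSize // 16 bytes

// Constructed key and sector contents for the example; nothing here is a
// real deployment value.
var (
	dataKey      = bytes.Repeat([]byte{0x11}, 32)                 // AES-256 data key
	sampleSector = bytes.Repeat([]byte("sector-7-data!!!"), 32)   // 512-byte sector
	wrongGuess   = []byte("wrong-guess-blk!")                     // one wrong 16-byte block
)

// plainIV is the naive scheme: the IV is just the sector number, so anyone
// who knows where a sector sits on disk knows its IV.
func plainIV(sector uint64) []byte {
	iv := make([]byte, blockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	return iv
}

// keyedIV encrypts the sector number under a second key derived by hashing
// the data key (ESSIV). The IV still differs for every sector, but someone
// without the key cannot compute it or the XOR of two of them.
func keyedIV(sector uint64) []byte {
	ivKey := sha256.Sum256(dataKey)
	blk, err := aes.NewCipher(ivKey[:])
	if err != nil {
		panic(err)
	}
	iv := make([]byte, blockSize)
	blk.Encrypt(iv, plainIV(sector))
	return iv
}

// encryptSector CBC-encrypts a sector-sized plaintext (a multiple of 16
// bytes) under dataKey, with the IV chosen by ivFn for that sector number.
func encryptSector(ivFn func(uint64) []byte, sector uint64, pt []byte) []byte {
	if len(pt)%blockSize != 0 {
		panic("plaintext must be a whole number of cipher blocks")
	}
	blk, err := aes.NewCipher(dataKey)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(blk, ivFn(sector)).CryptBlocks(ct, pt)
	return ct
}

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// sameDataHidden reports whether identical plaintext stored in two different
// sectors encrypts to different ciphertext. Distinct IVs per sector are all
// this needs; whether the IV is secret makes no difference here.
func sameDataHidden(ivFn func(uint64) []byte) bool {
	pt := bytes.Repeat([]byte("SAMEDATA"), 64) // constructed 512-byte sector
	return !bytes.Equal(encryptSector(ivFn, 0, pt), encryptSector(ivFn, 1, pt))
}

// guessConfirmed models an attacker who can write one chosen block into
// sector b and read the raw ciphertext of sectors a and b. In CBC the first
// ciphertext block is E(P1 XOR IV), so writing guess XOR IV_a XOR IV_b into
// sector b makes its first ciphertext block equal sector a's exactly when
// guess was sector a's first plaintext block. attackerIV is what the attacker
// believes the IV function to be; it only helps when it matches ivFn.
func guessConfirmed(ivFn, attackerIV func(uint64) []byte, target, guess []byte) bool {
	const a, b = 7, 8
	ctA := encryptSector(ivFn, a, target)
	chosen := xor(xor(guess[:blockSize], attackerIV(a)), attackerIV(b))
	ctB := encryptSector(ivFn, b, chosen)
	return bytes.Equal(ctA[:blockSize], ctB[:blockSize])
}

func main() {
	fmt.Println("plain IV hides equal sectors:", sameDataHidden(plainIV))
	fmt.Println("keyed IV hides equal sectors:", sameDataHidden(keyedIV))
	fmt.Println("plain IV, correct guess confirmed:",
		guessConfirmed(plainIV, plainIV, sampleSector, sampleSector))
	fmt.Println("plain IV, wrong guess confirmed:",
		guessConfirmed(plainIV, plainIV, sampleSector, wrongGuess))
	fmt.Println("keyed IV, correct guess confirmed:",
		guessConfirmed(keyedIV, plainIV, sampleSector, sampleSector))
}
```

Both schemes pass sameDataHidden, which is the property the reply above asks for. The difference shows up only in guessConfirmed: with the plain IV a correct guess is confirmed and a wrong one rejected, while with the keyed IV the attacker cannot form IV_a XOR IV_b and the comparison is no better than chance. Whether that chosen-plaintext model applies to a given disk-encryption deployment is exactly what the two correspondents disagree about.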