[Authentication] Session negotiation
Stef Walter
stef-list at memberwebs.com
Wed Jul 15 16:46:17 PDT 2009
Michael Leupold wrote:
> I imagined the IV to be transmitted once during negotiation. The constructed
> cipher would then be used in streaming mode. As far as I understand it we
> wouldn't need to retransmit the iv as the service as well as the client would
> just keep some handle to an encryption struct around (eg. gcry_cipher_hd_t for
> gcrypt). Please tell me if I'm completely getting this wrong.
An IV can never be reused. Doing so, especially with short data like
secrets a big security hole.
Cheers,
Stef
More information about the Authentication
mailing list