[Authentication] Fwd: Re: Session negotiation
Michael Leupold
lemma at confuego.org
Thu Jul 16 01:45:16 PDT 2009
On Thursday 16 July 2009 01:46:17 Stef Walter wrote:
> Michael Leupold wrote:
> > I imagined the IV to be transmitted once during negotiation. The
> > constructed cipher would then be used in streaming mode. As far as I
> > understand it we wouldn't need to retransmit the iv as the service as
> > well as the client would just keep some handle to an encryption struct
> > around (e.g. gcry_cipher_hd_t for gcrypt). Please tell me if I'm
> > completely getting this wrong.
>
> An IV can never be reused. Doing so, especially with short data like
> secrets, is a big security hole.
I wasn't talking about reuse, I was more or less considering the secrets to be
passed through a stream cipher whose state was established on session
start. After trying I figured it's not the right approach though as while the
same secret encrypted over and over produces different encrypted results they
have to be manually padded/unpadded as apparently crypto libraries only
support padding on the last block encrypted (at least libqca does).
So yeah, we'll need the iv as parameter.
Regards,
Michael
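To make the padding and per-secret IV point concrete, here is an added example in Go (not code from this thread, nor from either implementation being discussed). Each secret is PKCS#7-padded and encrypted under AES-CBC with a fresh random IV that is returned alongside the ciphertext, which is exactly why the IV has to travel as a parameter; a deterministic variant shows what a fixed IV gives away on short data like secrets (two equal secrets produce byte-identical ciphertext). The key, secret and IV values are constructed for the demo, and the choice of AES-128-CBC with PKCS#7 is an assumption, not something this message specifies.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// pkcs7Pad appends PKCS#7 padding so the result is a whole number of blocks.
// Every secret is padded on its own, so no streaming state is shared between messages.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips PKCS#7 padding and rejects malformed trailers.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("input is not a whole number of blocks")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || n > len(data) {
		return nil, errors.New("bad padding length")
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, errors.New("bad padding bytes")
		}
	}
	return data[:len(data)-n], nil
}

// encryptWithIV encrypts one secret under AES-CBC with a caller-supplied IV.
// It is deterministic on purpose so the IV-reuse problem can be demonstrated.
func encryptWithIV(key, iv, secret []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(iv) != block.BlockSize() {
		return nil, errors.New("iv must be exactly one block long")
	}
	padded := pkcs7Pad(secret, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// encryptSecret draws a fresh random IV for every secret and hands it back
// with the ciphertext: the receiver cannot decrypt without it.
func encryptSecret(key, secret []byte) (iv, ct []byte, err error) {
	iv = make([]byte, aes.BlockSize)
	if _, err = rand.Read(iv); err != nil {
		return nil, nil, err
	}
	ct, err = encryptWithIV(key, iv, secret)
	return iv, ct, err
}

// decryptSecret reverses encryptSecret for a single (iv, ciphertext) pair.
func decryptSecret(key, iv, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(iv) != block.BlockSize() || len(ct) == 0 || len(ct)%block.BlockSize() != 0 {
		return nil, errors.New("bad iv or ciphertext length")
	}
	padded := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(padded, ct)
	return pkcs7Unpad(padded, block.BlockSize())
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed demo key, not a negotiated session key
	secret := []byte("hunter2")           // constructed demo secret

	// Fixed IV: the same secret stored twice is visibly the same ciphertext.
	fixedIV := make([]byte, aes.BlockSize)
	a, _ := encryptWithIV(key, fixedIV, secret)
	b, _ := encryptWithIV(key, fixedIV, secret)
	fmt.Printf("reused IV, same secret twice -> identical ciphertext: %v\n", bytes.Equal(a, b))

	// Fresh IV per secret: ciphertexts differ, and each decrypts with its own IV.
	iv1, c1, _ := encryptSecret(key, secret)
	iv2, c2, _ := encryptSecret(key, secret)
	fmt.Printf("fresh IV per secret -> identical ciphertext: %v\n", bytes.Equal(c1, c2))
	p1, _ := decryptSecret(key, iv1, c1)
	p2, _ := decryptSecret(key, iv2, c2)
	fmt.Printf("both decrypt to the original secret: %v\n",
		bytes.Equal(p1, secret) && bytes.Equal(p2, secret))
}
```

Go's cipher.BlockMode refuses input that is not a multiple of the block size, so the padding step is unavoidable per secret; keeping one CBC state open across many secrets would only move that same padding problem into the protocol, which is the difficulty described above.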