On Tue, 10 Sep 2013 17:04:04 -0400 Jerry Leichter <leich...@lrw.com> wrote:
> Phil Rogaway has a paper somewhere discussing the right way to
> implement cryptographic modes and APIs.

It would be useful to get a URL for it.

> In particular, he recommends changing the definition of CBC from:
>
> E_0 = IV # Not transmitted
> E_{i+1} = E(E_i XOR P_{i+1})
>
> to
>
> E_0 = E(IV) # Not transmitted
> E_{i+1} = E(E_i XOR P_{i+1})

You make no mention there of whether the key used to encrypt the IV is
the same as that used for the plaintext. I presume if you need a lot of
IVs (see protocols like IPsec), and have enough key material, a second
key might be of value for that -- but I don't know what all the ins and
outs are, and would prefer to read the literature...

Perry
-- 
Perry E. Metzger		pe...@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
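The two CBC definitions quoted above, implemented side by side as an added example (this is not code from the thread, from Jerry Leichter, or from Rogaway's paper). It uses AES from Go's standard library and, for the E_0 = E(IV) variant, encrypts the IV under the same key as the data; that choice is an assumption made here for illustration, since the thread leaves the question open. The key, the secret block and the counter-style IVs are constructed sample values. The example also shows the standard reason the second definition is preferred: when the IV is predictable (a counter, as in the IPsec-style setting mentioned in the thread), raw CBC lets a chosen-plaintext querier confirm a guess of an earlier first plaintext block, because E(IV_2 XOR (IV_1 XOR IV_2 XOR guess)) collides with the earlier E(IV_1 XOR P_1) exactly when guess = P_1. Passing the IV through the cipher first breaks that relationship.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const blockSize = aes.BlockSize

// xorBlock returns a XOR b for two blockSize-byte slices.
func xorBlock(a, b []byte) []byte {
	out := make([]byte, blockSize)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// cbcChain runs the shared recurrence E_{i+1} = E(E_i XOR P_{i+1}) from the
// chaining value e0. No padding: len(plaintext) must be a multiple of
// blockSize. E_0 is not part of the output ("# Not transmitted").
func cbcChain(key, e0, plaintext []byte) ([]byte, error) {
	if len(plaintext)%blockSize != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plaintext), blockSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	prev := e0
	out := make([]byte, 0, len(plaintext))
	for off := 0; off < len(plaintext); off += blockSize {
		c := make([]byte, blockSize)
		block.Encrypt(c, xorBlock(prev, plaintext[off:off+blockSize]))
		out = append(out, c...)
		prev = c
	}
	return out, nil
}

// cbcRawIV is the first definition in the thread: E_0 = IV.
func cbcRawIV(key, iv, plaintext []byte) ([]byte, error) {
	return cbcChain(key, iv, plaintext)
}

// cbcEncIV is the second definition: E_0 = E(IV). Encrypting the IV under
// the same key as the data is an assumption of this example.
func cbcEncIV(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	e0 := make([]byte, blockSize)
	block.Encrypt(e0, iv)
	return cbcChain(key, e0, plaintext)
}

// counterIV builds a predictable IV: zero padding plus a big-endian counter.
func counterIV(n uint64) []byte {
	iv := make([]byte, blockSize)
	binary.BigEndian.PutUint64(iv[8:], n)
	return iv
}

// rawIVMatchesStdlib cross-checks cbcRawIV against crypto/cipher's CBC mode.
func rawIVMatchesStdlib(key, iv, plaintext []byte) (bool, error) {
	got, err := cbcRawIV(key, iv, plaintext)
	if err != nil {
		return false, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return false, err
	}
	want := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(want, plaintext)
	return bytes.Equal(got, want), nil
}

// guessConfirmed is the chosen-plaintext check against a predictable IV.
// c1 is the first ciphertext block of an unknown P_1 under iv1; the querier
// knows the upcoming iv2 and asks for the encryption of
// probe = iv1 XOR iv2 XOR guess. With E_0 = IV the first output block equals
// c1 exactly when guess == P_1.
func guessConfirmed(enc func(key, iv, pt []byte) ([]byte, error), key, iv1, c1, iv2, guess []byte) (bool, error) {
	probe := xorBlock(xorBlock(iv1, iv2), guess)
	c, err := enc(key, iv2, probe)
	if err != nil {
		return false, err
	}
	return bytes.Equal(c[:blockSize], c1[:blockSize]), nil
}

// runOracleCheck plays the check with a correct guess against both
// constructions and returns (confirmed under E_0 = IV, confirmed under E_0 = E(IV)).
func runOracleCheck() (rawHit, encHit bool, err error) {
	key := []byte("constructed-key!")   // constructed 16-byte sample key
	secret := []byte("attack at dawn!!") // constructed 16-byte first block
	iv1, iv2 := counterIV(1), counterIV(2)

	c1, err := cbcRawIV(key, iv1, secret)
	if err != nil {
		return false, false, err
	}
	rawHit, err = guessConfirmed(cbcRawIV, key, iv1, c1, iv2, secret)
	if err != nil {
		return false, false, err
	}
	c1, err = cbcEncIV(key, iv1, secret)
	if err != nil {
		return false, false, err
	}
	encHit, err = guessConfirmed(cbcEncIV, key, iv1, c1, iv2, secret)
	return rawHit, encHit, err
}

func main() {
	rawHit, encHit, err := runOracleCheck()
	if err != nil {
		panic(err)
	}
	fmt.Printf("E_0 = IV:    correct guess confirmed = %v\n", rawHit)
	fmt.Printf("E_0 = E(IV): correct guess confirmed = %v\n", encHit)
}
```

With the sample values, the E_0 = IV construction confirms the correct guess every time, while the E_0 = E(IV) construction does not (a collision there would require E(IV_1) XOR E(IV_2) = IV_1 XOR IV_2, a negligible event for a fixed key). The cross-check against crypto/cipher confirms that cbcRawIV is ordinary CBC and not a variant introduced by the example.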