On 11/09/13 01:36 AM, Jerry Leichter wrote:
> (Generating a different one for this purpose is pointless - it would have to be
> random, in which case you might as well generate the IV randomly.)

In a protocol I wrote with Zooko's help, we generate a random IV0 which
is shared in the key exchange.
http://www.webfunds.org/guide/sdp/sdp1.html
Then, we also move the padding from the end to the beginning, fill it
with a non-repeating length-determined value, and expand it to a size of
16-31 bytes. This creates what is in effect an IV1 or second
transmitted IV.
http://www.webfunds.org/guide/sdp/pad.html
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography