On Wed, 11 Sep 2013 20:01:28 -0400 Jerry Leichter <leich...@lrw.com> wrote:
> > ...Note that if you still transmit the IVs, a misimplemented
> > client could still interoperate with a malicious counterparty
> > that did not use the enforced method for IV calculation. If you
> > don't transmit the IVs at all but calculate them, the system will
> > not interoperate if the implicit IVs aren't calculated the same
> > way by both sides, thus ensuring that the covert channel is
> > closed.
>
> Ah, but where did the session and IV-generating keys come from?
> The same random generator you now don't trust to directly give you
> an IV?

Certainly, but if you remove most or all covert channels, you've narrowed the problem down to auditing the RNG instead of having to audit much more of the system. It is all a question of small steps towards better assurance. No one measure will fix everything.

--
Perry E. Metzger  pe...@piermont.com

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
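The interoperability argument above, as an added illustration that is not code from the thread or from either poster: a record protocol in two variants, one that carries the IV on the wire and one where both sides derive it from an IV-generating key and the record sequence number. The IV derivation (HMAC-SHA256 over the sequence number), the toy HMAC-based stream cipher, the record MAC and the fixed keys are all assumptions made for the example; they stand in for whatever cipher and key schedule a real protocol would use.

```python
import hmac
import hashlib

# Constructed keys for the example; a real protocol would derive
# them from the session key schedule, as the thread discusses.
IV_KEY = b"\x11" * 32
ENC_KEY = b"\x22" * 32
MAC_KEY = b"\x33" * 32

IV_LEN = 16
TAG_LEN = 32


def derive_iv(iv_key: bytes, seq: int) -> bytes:
    """Implicit IV: a PRF of the IV-generating key and the record number.

    Both peers compute this independently, so nothing IV-shaped is sent.
    """
    msg = b"iv" + seq.to_bytes(8, "big")
    return hmac.new(iv_key, msg, hashlib.sha256).digest()[:IV_LEN]


def keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    """Toy PRF-based stream cipher keyed by (key, iv); illustration only."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, iv + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def record_mac(mac_key: bytes, seq: int, iv: bytes, ct: bytes) -> bytes:
    """MAC binds the record to the sequence number and the IV actually used."""
    return hmac.new(mac_key, seq.to_bytes(8, "big") + iv + ct,
                    hashlib.sha256).digest()


# --- Variant 1: explicit IV, transmitted with every record ---
def send_explicit(seq: int, plaintext: bytes, iv: bytes) -> bytes:
    ct = xor(plaintext, keystream(ENC_KEY, iv, len(plaintext)))
    return iv + ct + record_mac(MAC_KEY, seq, iv, ct)


def recv_explicit(seq: int, record: bytes):
    # The receiver has no choice but to trust whatever IV arrived.
    iv, ct, tag = record[:IV_LEN], record[IV_LEN:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, record_mac(MAC_KEY, seq, iv, ct)):
        return None
    return xor(ct, keystream(ENC_KEY, iv, len(ct)))


# --- Variant 2: implicit IV, derived on both sides, never transmitted ---
def send_implicit(seq: int, plaintext: bytes, iv: bytes = None) -> bytes:
    # A conforming sender passes no iv. The optional argument models a
    # misimplemented sender that substitutes its own value for the
    # derived one (the case the thread is concerned with).
    if iv is None:
        iv = derive_iv(IV_KEY, seq)
    ct = xor(plaintext, keystream(ENC_KEY, iv, len(plaintext)))
    return ct + record_mac(MAC_KEY, seq, iv, ct)


def recv_implicit(seq: int, record: bytes):
    iv = derive_iv(IV_KEY, seq)  # computed locally, never read off the wire
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, record_mac(MAC_KEY, seq, iv, ct)):
        return None
    return xor(ct, keystream(ENC_KEY, iv, len(ct)))


def demo() -> dict:
    """Compare how each variant treats a sender that deviates from the IV rule."""
    seq, msg = 7, b"hello"
    sender_chosen_iv = b"A" * IV_LEN  # constructed: any value not derived per the rule
    return {
        # Transmitted IV: the receiver accepts the record regardless of
        # how the sender picked the IV, so the field can carry anything.
        "explicit_with_sender_chosen_iv":
            recv_explicit(seq, send_explicit(seq, msg, sender_chosen_iv)),
        # Derived IV, conforming peers: interoperates normally.
        "implicit_conforming":
            recv_implicit(seq, send_implicit(seq, msg)),
        # Derived IV, deviating sender: the receiver's IV differs, the MAC
        # fails, and the record is rejected. The two sides do not interoperate.
        "implicit_with_sender_chosen_iv":
            recv_implicit(seq, send_implicit(seq, msg, sender_chosen_iv)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'rejected' if result is None else result!r}")
```

The point Leichter's follow-up raises still holds in this model: `IV_KEY`, `ENC_KEY` and `MAC_KEY` have to come from somewhere, and if that source is the RNG under suspicion, the derivation only relocates the trust rather than removing it. What the implicit variant buys is exactly what the reply says: the per-record IV field is no longer a place where a peer's output can vary, so the remaining audit surface is the key material and the RNG behind it.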