On Tue, Apr 17, 2012 at 7:59 AM, Edward Ned Harvey
<open...@nedharvey.com> wrote:
>> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
>> us...@openssl.org] On Behalf Of Edward Ned Harvey
>>
>> attacker doesn't know is your key and your plaintext.  There is only one
>> solution.  You must use a second key.  Use your first key to encrypt the
>> second key (so an attacker can hopefully never know either one of your
>> keys.)  Use your second key combined with the block number (I suggest
>> encrypting or hashing the block number using the second key, but simple AND
>> or XOR should also be fine) and use the resultant data as the IV for your
>> actual encryption operation.
>
> I don't see any reason why the second key couldn't match the first.  You
> could simply encrypt the block number, and use the result as the IV when you
> encrypt your actual data block, using ECB.  This is effectively
> reimplementing CBC, where you don't make individual blocks dependent on each
> other - instead you make each individual block dependent only on its block
> number, where you're using the block number as the preceding block of data,
> and the *only* preceding block of data.

Sounds more like counter mode to me.

> Every block number is guaranteed
> unique and independent, so you're able to do random access, and since there
> are never any repeats, there will never be any repeated cipherblocks, even
> if there is repeated plaintext.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
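
The construction discussed in this thread, next to plain counter mode, as an added example that is not part of the original messages. The block cipher is a constructed SHA-256 Feistel stand-in (not AES and not an OpenSSL call) so the code runs with only the standard library; the function names, the key and the one-cipher-block granularity are assumptions.

```python
import hashlib

BLOCK = 16  # bytes, the width of an AES block

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def ecb_encrypt(key, block):
    # Constructed 4-round Feistel network standing in for one raw block-cipher call.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def ecb_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def block_iv(key, n):
    # IV = E_K(block number), as proposed in the quoted message.
    return ecb_encrypt(key, n.to_bytes(BLOCK, "big"))

def scheme_encrypt(key, n, pt):
    # Block number's IV plays the role of CBC's "preceding block": E_K(P xor IV).
    return ecb_encrypt(key, _xor(pt, block_iv(key, n)))

def scheme_decrypt(key, n, ct):
    return _xor(ecb_decrypt(key, ct), block_iv(key, n))

def ctr_encrypt(key, n, pt):
    # Counter mode for comparison: P xor E_K(counter); the data never enters the cipher.
    return _xor(pt, block_iv(key, n))

def demo():
    key, a, b = b"constructed-key!", b"A" * BLOCK, b"B" * BLOCK  # constructed sample values
    return {
        "random_access": scheme_decrypt(key, 7, scheme_encrypt(key, 7, a)) == a,
        "same_plaintext_differs": scheme_encrypt(key, 1, a) != scheme_encrypt(key, 2, a),
        # Block 5 is overwritten (a, then b) and both ciphertexts are compared.
        "ctr_xor_equals_plaintext_xor": _xor(ctr_encrypt(key, 5, a), ctr_encrypt(key, 5, b)) == _xor(a, b),
        "scheme_xor_equals_plaintext_xor": _xor(scheme_encrypt(key, 5, a), scheme_encrypt(key, 5, b)) == _xor(a, b),
    }

if __name__ == "__main__":
    print(demo())
```

When a block number is reused for new data, counter mode's two ciphertexts XOR to the XOR of the two plaintexts, while the thread's construction passes the data through the cipher and reveals only whether the two plaintexts were equal.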
