hi,
thank you for the reply.
There may be an even better way. All we need is to add some salt at the end of the pass phrase and hash it; we can use MT here for generating some noise. Then one SHA round would suffice to produce the key, and the cryptanalyst learns nothing more and is also secure from dictionary attacks. Block operations like those in SHA also have the property that even a change in one bit of the input will bring about a change in half of the message digest.

Don't forget about dictionary attacks. If someone wants to mount a dictionary attack, he would have to spend much time hashing each word in the dictionary. This will slow down the attack, because this operation would have to be performed many times, but it doesn't noticeably slow down DigiSecret, because this operation is performed only once. Good design here, IMHO.
Just a suggestion; it wouldn't really make much of a difference when computers are so fast.
Yes, we can't decrypt without the IVs, but if the IV is just appended to the archive, the attacker can use this IV and derive the original ciphertext, and he can successfully perform block replay attacks on the ciphertext.

IV is not secret, the last time I read Applied Cryptography by Schneier :-) It is always prepended to ciphertext; you can't decrypt without it.
Then a common seed would be visible to the interceptor. Doesn't make a difference.
Just like in DigiSecret, where the pass phrase has to be communicated to the receiver to decrypt the text, the common seed also should be shared. MT19937 has a period of 2^19937; just one shared seed will be able to generate enough IVs for many years. Since MT's sequence is equivalent to an LFSR implementation, given enough IVs the attacker can predict the sequence. So these IVs should be hashed, and the hashed IVs need to be used as the derived IV for CBC mode.
If the derived IV is just appended some place, the attacker can still perform the block replay, and the purpose of using an IV itself is beaten.
Moreover, a smaller-period generator like Taus88 would do instead of MT. 2^80 IVs, which is the period of the generator, should be sufficient for an application for a lifetime.
Regards, Data.
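As an added worked example (not code from this thread or from DigiSecret), the following Python script shows the three mechanisms the post discusses: a salted single-round SHA-256 key derivation, the avalanche behaviour of the digest when one input bit changes, and an archive layout in which the salt and IV travel in the clear ahead of the ciphertext. It also measures what a per-archive salt does to a dictionary attack: a table of pre-hashed words built for one salt is useless against another, so the attacker has to re-hash the dictionary for every archive. The header layout, the 16-byte salt and IV lengths, the word list and the pass phrases are all constructed for illustration; the encryption step itself is omitted because it needs a block-cipher library.

```python
import hashlib
import os

SALT_LEN = 16   # constructed choice for this example
IV_LEN = 16     # one block of a 128-bit block cipher in CBC mode


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Salted, single-round SHA-256 key derivation as sketched in the post:
    the salt is appended to the pass phrase and the digest becomes the key."""
    return hashlib.sha256(passphrase.encode("utf-8") + salt).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_bits(passphrase: str, salt: bytes) -> int:
    """Flip one bit of the salt and count how many of the 256 key bits change.
    For a good hash this lands near 128, i.e. about half the digest."""
    flipped = bytes([salt[0] ^ 0x01]) + salt[1:]
    return hamming_distance(derive_key(passphrase, salt),
                            derive_key(passphrase, flipped))


def pack_archive(salt: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Constructed archive layout: salt and IV are public and are prepended
    to the ciphertext, which is all the receiver needs besides the pass phrase."""
    return salt + iv + ciphertext


def unpack_archive(blob: bytes):
    """Split a packed archive back into (salt, iv, ciphertext)."""
    salt = blob[:SALT_LEN]
    iv = blob[SALT_LEN:SALT_LEN + IV_LEN]
    return salt, iv, blob[SALT_LEN + IV_LEN:]


def dictionary_search(target_key: bytes, salt: bytes, words):
    """Trial-hash each candidate word with the archive's own salt.
    Returns (matching_word_or_None, number_of_hashes_computed)."""
    tries = 0
    for word in words:
        tries += 1
        if derive_key(word, salt) == target_key:
            return word, tries
    return None, tries


def build_precomputed_table(words, salt: bytes) -> dict:
    """A pre-hashed dictionary, valid only for the salt it was built with."""
    return {derive_key(w, salt): w for w in words}


if __name__ == "__main__":
    words = ["password", "letmein", "dragon"]          # constructed word list
    salt_a, salt_b = os.urandom(SALT_LEN), os.urandom(SALT_LEN)
    iv = os.urandom(IV_LEN)

    key = derive_key("letmein", salt_a)
    print("one-bit salt change flips", avalanche_bits("letmein", salt_a), "of 256 key bits")

    blob = pack_archive(salt_a, iv, b"<ciphertext goes here>")
    assert unpack_archive(blob) == (salt_a, iv, b"<ciphertext goes here>")

    # Online guessing still works, but costs one hash per word per archive.
    print("search with the right salt:", dictionary_search(key, salt_a, words))

    # A table pre-hashed under a different salt never matches this archive's key.
    table = build_precomputed_table(words, salt_b)
    print("lookup in a table built for another salt:", table.get(key))
```

The point to take from the run is the asymmetry the thread describes: the legitimate user pays one hash per archive, while an attacker who wants to reuse a dictionary across archives pays one hash per word per salt, and the salt and IV can sit in plain view in the header without giving that work back.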