Re: DES Cryptanalysis
Kevin L. Prigge writes:
> I'm looking for pointers, or perhaps an explanation of the statement
> I found in Applied Cryptography (section 9.6) where it implies
> that if the IV is not unique in CFB mode, the cryptanalyst can recover the
> plaintext.
>
> The reason that this interests me is that I have a file, encrypted
> with DES in CFB mode. I believe I know the first 8 bytes of plaintext
> and I also know the IV used.
I don't believe you have much cause for hope here. The IV usually accompanies
the ciphertext in the clear. Knowing the first 8 bytes of plaintext gives you
precious little additional information in CFB mode, for the purposes of
decryption. (It looks like you might be able to reconstruct the ciphertext
of the encrypted IV, giving you a single plaintext/ciphertext pair, but that's
about it....)
Generally it's advisable to use a different IV for each encryption to avoid
correlations between the ciphertexts for plaintexts that have the same
prefix. If you always used the same IV, then two messages that start with the
same text would encrypt to the same initial piece of ciphertext. (This is not
the only reason, but I think it's the main one.)
-Futplex <[email protected]>
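The CFB behaviour the reply describes, as an added example that is not part of the original thread: full-block CFB over a stand-in block cipher (an HMAC-based PRF truncated to 8 bytes, not DES, which is fine for illustration because CFB only ever runs the cipher forward), with a constructed key, IV and pair of messages. It shows that a reused IV makes two messages with the same prefix share ciphertext up to the first differing byte, and that a known IV plus the first 8 plaintext bytes yield exactly one block-cipher pair, E_K(IV).

```python
import hashlib
import hmac

BLOCK = 8  # DES block size in bytes; only the mode matters here, not the cipher

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for E_K (assumption, not DES): CFB only runs the block cipher
    # forward, so a keyed PRF truncated to the block size illustrates the mode.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Full-block CFB: C_i = P_i XOR E_K(C_{i-1}), with C_0 = IV.
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        c = xor(plaintext[i:i + BLOCK], block_encrypt(key, prev))
        out += c
        prev = c
    return bytes(out)

def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # P_i = C_i XOR E_K(C_{i-1}); decryption also only runs E_K forward.
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += xor(c, block_encrypt(key, prev))
        prev = c
    return bytes(out)

def shared_prefix_len(a: bytes, b: bytes) -> int:
    # Number of leading bytes two ciphertexts have in common.
    return next((i for i, (x, y) in enumerate(zip(a, b)) if x != y),
                min(len(a), len(b)))

def first_block_pair(iv: bytes, known_p1: bytes, c1: bytes) -> tuple:
    # Known IV plus the first 8 plaintext bytes give P_1 XOR C_1 = E_K(IV):
    # one plaintext/ciphertext pair for the block cipher, and nothing more.
    return iv, xor(known_p1[:BLOCK], c1[:BLOCK])

# Constructed sample: two messages sharing a 25-byte header, one key, one IV.
KEY = b"constructed demo key"
IV = bytes(range(1, 9))
MSG_A = b"From: alice@example.test\nHello"
MSG_B = b"From: alice@example.test\nBye"
```

Encrypting MSG_A and MSG_B under the same KEY and IV leaves their ciphertexts identical for the first 25 bytes, which is the correlation the reply warns about; a fresh IV per message removes it.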