Re: The CipherSaber Manifesto
On 9/24/97 8:42 PM, Antonomasia (ant@notatla.demon.co.uk) passed this
wisdom:
>reinhold@world.std.com (Arnold Reinhold) wrote:
>
>> CipherSaber-1 (CS1) uses Ron Rivest's RC4 algorithm as published in
>> the second edition of Bruce Schneier's Applied Cryptography. ....
>
>> CipherSaber-1 is a symmetric-key file encryption system. Messaging
>> takes place by attaching binary files to e-mail. Because CipherSaber
>> uses a stream cipher, an initialization vector must be used to prevent
>> the same cipher key from being used twice. In encrypted CipherSaber-1
>> files, a ten byte initialization vector precedes the coded data. For
>> decryption, the initialization vector is read from the file and
>> appended to the user key before the key setup step. ......
>
>Why not _prepend_ the IV to the key ? As described here any
>paranoiacs who use keys > 255 chars won't get the IV in place, and
>will lose out. I think I'd also force 4 bytes of the IV to be the
>current time, as a defence against the (P?)RNG getting me a repeated IV
>eventually.
... the same thing occurred to me, though it's easy enough to test the key
length and then truncate it at 246, issuing a warning to the user ...
Brian B. Riley --> http://www.macconnect.com/~brianbr
For PGP Keys <mailto:brianbr@together.net?subject=Get%20PGP%20Key>
"The idea that Bill Gates has appeared like a knight in shining
armour to lead all customers out of a mire of technological
chaos neatly ignores the fact that it was he who, by peddling
second-rate technology, led them into it in the first place."
-- Douglas Adams, on Windows '95
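[Editor's note: the construction discussed in this thread, worked through as an added example. This is not code from the CipherSaber author or from anyone in the thread; it implements RC4 key setup and keystream generation as described in Applied Cryptography (2nd ed.), the CipherSaber-1 framing quoted above (10-byte IV prepended to the ciphertext, IV appended to the user key before key setup), and the two points raised in the replies: that RC4's key schedule only ever reads the first 256 key bytes, so an appended IV is silently ignored once the user key reaches 256 bytes, and that prepending the IV to the key avoids that. The 246 threshold is 256 minus the 10-byte IV. All function names are the editor's own; the sample keys and IVs are constructed for illustration. This is a teaching example: RC4 keyed by concatenating a secret with a public IV is the kind of related-key use later shown weak by Fluhrer, Mantin and Shamir (2001), so do not deploy it.]

```python
"""CipherSaber-1 style RC4 file encryption, worked example (editor's own code).

Key setup follows the RC4 description in Applied Cryptography (2nd ed.).
Ciphertext layout, as in the quoted post: 10-byte IV || RC4(user_key + IV, plaintext).
"""
import os

IV_LEN = 10
# Longest user key for which all 10 IV bytes still land inside the 256 key
# bytes that RC4's key schedule reads (256 - 10 = 246, the figure in the thread).
MAX_KEY_LEN = 256 - IV_LEN


def rc4_ksa(key: bytes) -> list:
    """RC4 key scheduling. Only key[i % len(key)] for i in 0..255 is read,
    so any key byte at index 256 or beyond never influences the state."""
    if not key:
        raise ValueError("empty key")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(s: list, n: int) -> bytes:
    """RC4 pseudo-random generation: n keystream bytes from state s (mutated)."""
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def iv_bytes_in_schedule(user_key_len: int, iv_len: int = IV_LEN) -> int:
    """How many IV bytes actually reach the key schedule when the IV is
    appended to a user key of the given length (Antonomasia's concern)."""
    return max(0, min(iv_len, 256 - user_key_len))


def cs1_encrypt(user_key: bytes, plaintext: bytes, iv: bytes = None,
                prepend_iv_to_key: bool = False) -> bytes:
    """Return iv || RC4(key, plaintext). iv defaults to 10 fresh random bytes.
    prepend_iv_to_key=False is CipherSaber-1 as quoted (IV appended to the key);
    True is the alternative suggested in the thread, which keeps the IV inside
    the first 256 key bytes however long the user key is."""
    if iv is None:
        iv = os.urandom(IV_LEN)
    if len(iv) != IV_LEN:
        raise ValueError("IV must be %d bytes" % IV_LEN)
    key = (iv + user_key) if prepend_iv_to_key else (user_key + iv)
    ks = rc4_keystream(rc4_ksa(key), len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def cs1_decrypt(user_key: bytes, blob: bytes, prepend_iv_to_key: bool = False) -> bytes:
    """Read the IV from the front of the file, rebuild the key, strip the keystream."""
    if len(blob) < IV_LEN:
        raise ValueError("ciphertext shorter than IV")
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    key = (iv + user_key) if prepend_iv_to_key else (user_key + iv)
    ks = rc4_keystream(rc4_ksa(key), len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def iv_affects_output(user_key: bytes, prepend_iv_to_key: bool = False) -> bool:
    """Encrypt one plaintext under two constructed IVs and report whether the
    keystreams differ. With a 256-byte user key and the IV appended they do
    not: the IV sits past the 256 key bytes RC4 ever reads, so the same
    keystream is reused for every file, which is exactly what the IV exists
    to prevent."""
    pt = b"\x00" * 32
    iv_a = bytes(range(10))        # constructed IV
    iv_b = bytes(range(10, 20))    # constructed, different IV
    ca = cs1_encrypt(user_key, pt, iv_a, prepend_iv_to_key)[IV_LEN:]
    cb = cs1_encrypt(user_key, pt, iv_b, prepend_iv_to_key)[IV_LEN:]
    return ca != cb


if __name__ == "__main__":
    blob = cs1_encrypt(b"correct horse", b"attack at dawn")
    print("round trip:", cs1_decrypt(b"correct horse", blob))
    for n in (32, MAX_KEY_LEN, 250, 256):
        print("key length %3d: %2d IV bytes enter the schedule; IV changes keystream: %s"
              % (n, iv_bytes_in_schedule(n), iv_affects_output(b"k" * n)))
    print("256-byte key, IV prepended to key instead:",
          iv_affects_output(b"k" * 256, prepend_iv_to_key=True))
```

Brian's fix of truncating the user key at MAX_KEY_LEN (246) before appending the IV would make iv_affects_output return True for every key length; so would prepending the IV, without discarding any key bytes (though RC4 still reads at most 256 of them either way).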