[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The CipherSaber Manifesto



On 9/24/97 8:42 PM, Antonomasia ([email protected])  passed this 
wisdom:

>[email protected] (Arnold Reinhold) wrote:
>
>> CipherSaber-1 (CS1) uses Ron Rivest's RC4 algorithm as published in
>> the second edition of Bruce Schneier's Applied Cryptography. ....
>
>> CipherSaber-1 is a symmetric-key file encryption system. Messaging
>> takes place by attaching binary files to e-mail. Because CipherSaber
>> uses a stream cipher, an initialization vector must be used to prevent
>> the same cipher key from being used twice. In encrypted CipherSaber-1
>> files, a ten byte initialization vector precedes the coded data. For
>> decryption, the initialization vector is read from the file and
>> appended to the user key before the key setup step.  ......
>
>Why not _prepend_ the IV to the key ?  As described here any
>paranoics who use keys > 255 chars won't get the IV in place, and
>will lose out.  I think I'd also force 4 bytes of the IV to be the
>current time, as a defence against the (P?)RNG getting me a repeated IV
>eventually.

  ... same thing occurred to me though its easy enough to test the key 
length and the truncate it at 246 issuing a warning to the user ...



Brian B. Riley --> http://www.macconnect.com/~brianbr
  For PGP Keys  <mailto:[email protected]?subject=Get%20PGP%20Key>

 "The idea that Bill Gates has appeared like a knight in shining     
  armour to lead all customers out of a mire of technological        
  chaos neatly ignores the fact that it was he who, by peddling      
  second-rate technology, led them into it in the first place.       
			-- Douglas Adams, on Windows '95