[krbdev.mit.edu #2229] IV problem with AES (krb5-1.3.2 beta2)

Wyllys Ingersoll via RT rt-comment at krbdev.mit.edu
Thu Feb 12 08:14:57 EST 2004


On Wed, 2004-02-11 at 20:32, Ken Raeburn wrote:
> Ugh.  Good catch, thanks.  I thought we were doing better about doing
> it at the lower level. *sigh*
> 
> The DK code is going to have to stop updating the IV, but that means
> the 3DES code is probably going to have to start updating it, if it's
> not doing so already.

3DES does not appear to have the same problem.  One (admittedly ugly)
fix would be to have dk_encrypt/decrypt check the enctype before
updating the IV and only do it for 3DES.

For AES, is it correct to use the final block as the next IV
(currently being done in dk_encrypt/decrypt) or the n-2 block
(which is what happens in aes.c)?  Because CTS is an odd mode
that swaps the final 2 blocks, it makes choosing the IV a little
trickier.  Why was CTS chosen again??? :)

-Wyllys

> 
> Ken
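To make the block swap concrete, here is an added example (not from the thread or from the krb5 sources) of the CBC-CTS construction the Kerberos AES enctypes use, written in Go against the standard library. It returns both chaining candidates the message contrasts, the final output block and the next-to-last one (the last block plain CBC produced before the swap, which is the cipher state RFC 3962 later specified); the key, message and zero IV are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// ctsEncrypt: CBC over the zero-padded message, then swap the last two ciphertext
// blocks and truncate the final one. It also returns both "next IV" candidates: finalBlock,
// the last output block (possibly partial), and lastFull, the next-to-last output block.
func ctsEncrypt(b cipher.Block, iv, msg []byte) (ct, finalBlock, lastFull []byte, err error) {
	bs := b.BlockSize()
	if len(msg) <= bs {
		return nil, nil, nil, fmt.Errorf("CTS needs more than one block, got %d bytes", len(msg))
	}
	n := (len(msg) + bs - 1) / bs // block count, the last block possibly partial
	tail := len(msg) - (n-1)*bs   // bytes in that final block, 1..bs
	cbc := make([]byte, n*bs)
	copy(cbc, msg)                                      // trailing zeros pad the final block
	cipher.NewCBCEncrypter(b, iv).CryptBlocks(cbc, cbc) // plain CBC, in place
	ct = append(ct, cbc[:(n-2)*bs]...)                  // C_0 .. C_{n-3} unchanged
	ct = append(ct, cbc[(n-1)*bs:]...)                  // C_{n-1} becomes next-to-last
	ct = append(ct, cbc[(n-2)*bs:(n-2)*bs+tail]...)     // C_{n-2}, truncated, goes last
	return ct, ct[len(ct)-tail:], cbc[(n-1)*bs:], nil
}

// ctsDecrypt undoes the swap. The stolen tail of C_{n-2} is read off the raw block
// decryption of C_{n-1}, because the plaintext padding at those positions was zero.
// It expects the shape ctsEncrypt produces (len(ct) longer than one block).
func ctsDecrypt(b cipher.Block, iv, ct []byte) []byte {
	bs := b.BlockSize()
	n := (len(ct) + bs - 1) / bs
	tail := len(ct) - (n-1)*bs
	cbc := make([]byte, n*bs)
	copy(cbc, ct[:(n-2)*bs])
	copy(cbc[(n-1)*bs:], ct[(n-2)*bs:(n-1)*bs]) // C_{n-1} back to its CBC position
	copy(cbc[(n-2)*bs:], ct[(n-1)*bs:])         // the surviving tail bytes of C_{n-2}
	tmp := make([]byte, bs)
	b.Decrypt(tmp, cbc[(n-1)*bs:])        // = zero-padded P_{n-1} XOR C_{n-2}
	copy(cbc[(n-2)*bs+tail:], tmp[tail:]) // so these bytes are the rest of C_{n-2}
	cipher.NewCBCDecrypter(b, iv).CryptBlocks(cbc, cbc)
	return cbc[:len(ct)]
}

func main() {
	b, _ := aes.NewCipher([]byte("0123456789abcdef")) // constructed AES-128 key
	ct, fin, full, _ := ctsEncrypt(b, make([]byte, aes.BlockSize), []byte("kerberos cts example, 2.5 blocks long!!!"))
	fmt.Printf("ct %d bytes; final output block %d bytes; last full CBC block %d bytes\n", len(ct), len(fin), len(full))
}
```

With the 40-byte message the final output block is only 8 bytes, which is why it cannot serve as a full-width chaining value while the next-to-last block can.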