
Re: Resolution on large-block ciphers (e.g., TWOFISH), PGP7



>>>>> "Michael" == Michael Young <mwy-opgp97@the-youngs.org> writes:

 Michael> Yes, I meant Twofish, not Blowfish.  The draft I found at
 Michael> imc.org still says in section 5.5.3:
 >> - [Optional] If secret data is encrypted, eight-octet Initial
 >> Vector (IV).

 Michael> This should now read "an IV of the same length as the cipher
 Michael> block"?

Clearly yes.  The IV always must be the same size as the blocksize for
any block cipher.

 Michael> As Werner Koch pointed out last year, this will require an
 Michael> implementation to know the block size simply in order to
 Michael> parse the rest of the packet.  Given that the only material
 Michael> after the IV is the encrypted part, and thus won't be
 Michael> readable anyway without support for that cipher, I suppose
 Michael> this isn't all that serious.  But is there any intention to
 Michael> make the IV size self-describing for future ciphers, or is
 Michael> this the final plan?

Can't see any reason to change that.  You only need to know the IV if
you're going to decrypt.  And to do that clearly you must know the
cipher, which includes knowing its blocksize.

If you're not going to decrypt, you might as well consider the IV as
part of the encrypted message, since it doesn't contain any
interesting information.

      paul
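
Added example, not part of the original message or of any implementation discussed in the thread: a sketch of splitting the secret-key material so that the IV length follows the cipher's block size, with IV and ciphertext left as one opaque blob when the cipher is unknown. The function names and sample bytes are constructed for illustration; the algorithm IDs, block sizes and S2K specifier lengths are taken from the OpenPGP specification (RFC 2440/4880), not from this message.

```python
# Added example, not from the original message. Block sizes in octets for OpenPGP
# symmetric-algorithm IDs (IDEA, 3DES, CAST5, Blowfish, AES-128/192/256, Twofish).
BLOCK_SIZE = {1: 8, 2: 8, 3: 8, 4: 8, 7: 16, 8: 16, 9: 16, 10: 16}
# Length of an S2K specifier by its type octet: simple, salted, iterated+salted.
S2K_LEN = {0: 2, 1: 10, 3: 11}


def split_secret_part(buf: bytes) -> dict:
    """Split the octets that follow the public-key fields of a secret-key packet.

    'iv' is None when the cipher is unknown: the IV length cannot be
    determined, so IV and ciphertext stay together in 'rest'.
    """
    if not buf:
        raise ValueError("empty secret-key material")
    usage, pos, s2k = buf[0], 1, b""
    if usage == 0:                      # secret data is not encrypted, no IV
        return {"cipher": 0, "s2k": s2k, "iv": b"", "rest": buf[1:]}
    if usage in (254, 255):             # cipher octet, then S2K specifier
        if len(buf) < 3:
            raise ValueError("truncated before S2K specifier")
        cipher, s2k_type = buf[1], buf[2]
        if s2k_type not in S2K_LEN:
            raise ValueError(f"unknown S2K type {s2k_type}")
        s2k = buf[2:2 + S2K_LEN[s2k_type]]
        if len(s2k) < S2K_LEN[s2k_type]:
            raise ValueError("truncated S2K specifier")
        pos = 2 + len(s2k)
    else:                               # usage octet is itself the cipher ID
        cipher = usage
    block = BLOCK_SIZE.get(cipher)
    if block is None:                   # cannot find the IV boundary; opaque
        return {"cipher": cipher, "s2k": s2k, "iv": None, "rest": buf[pos:]}
    if len(buf) < pos + block:
        raise ValueError("truncated IV")
    return {"cipher": cipher, "s2k": s2k,
            "iv": buf[pos:pos + block], "rest": buf[pos + block:]}


def sample(cipher: int, iv_len: int) -> bytes:
    """Constructed input: usage 255, iterated+salted S2K, dummy IV and ciphertext."""
    s2k = bytes([3, 2]) + b"\x11" * 8 + bytes([96])
    return bytes([255, cipher]) + s2k + b"\xAA" * iv_len + b"\xCC" * 5


if __name__ == "__main__":
    for cid, n in ((3, 8), (10, 16), (99, 16)):
        r = split_secret_part(sample(cid, n))
        print(cid, None if r["iv"] is None else len(r["iv"]), len(r["rest"]))
```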