Werner Koch, <wk(_at_)isil(_dot_)d(_dot_)shuttle(_dot_)de>, writes:
However, to come to a solution we should use the
IV|checkbytes|plaintext|SHA1
proposal and assign a new packet type to it (and add a version number
just in case we want to change it again).
How do we handle secret key material encryption with 128 bit
blocksizes? Increase the IV in the packet to the blocksize or keep
it at 8 bytes?
I think for consistency and simplicity we should have all IVs be the
cipher's blocksize. In the old-style encryption packets this is a
necessity, as I pointed out earlier. It also simplifies implementation
in that you can just point at the IV in the packet and load it into
the cipher. With 8 byte IVs I had to move the 8 bytes into a buffer
and zero the other 8 bytes to have a nice 16-byte block of data that I
could pass to the encryption algorithm.
Hal