Re: Phil Zimmermann's suggestion for large ciphers

1999-04-13 00:51:00
uri <uri(_at_)watson(_dot_)ibm(_dot_)com> writes:

> Make the "pseudo-IV" prefix partially non-random - i.e. the last two
> bytes being checksum for the other 14. No big deal security-wise and
> noticeable help in detecting the right key.

I agree, as this will help detect bad keys for conventional-only
encrypted data.

> So? Compared to cost of one RSA or DSA operation, one SHA-1 is negligible.
> Who cares?

Hashing 700 Megs takes a while and sometimes conventional-only
encryption is used.  But IMHO it is worth this time.  If someone
does not like it, he can still use packet type 9 and the specs
should say that an implementation SHOULD display a notice if a
cipher >= 7 is used without an MDC.

Werner Koch at            keyid 621CC013
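The two mechanisms discussed in this thread do different jobs: a checksum in the random prefix tells the decryptor whether the key is probably right, while an MDC (a SHA-1 hash over the whole plaintext) tells the decryptor whether the message was modified. The following added example (not part of the original mail or of any OpenPGP implementation) models both; the SHA-1 counter-mode keystream is a constructed stand-in for the real cipher, and `checksum14` is one assumed reading of uri's "last two bytes being checksum for the other 14".

```python
import hashlib
import secrets

def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (SHA-1 in counter mode). Assumption for this example
    only; the real packet types use a block cipher in CFB mode."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha1(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def checksum14(random14: bytes) -> bytes:
    """16-bit sum of the 14 random prefix bytes (assumed checksum form)."""
    return (sum(random14) & 0xFFFF).to_bytes(2, "big")

def encrypt(key: bytes, plaintext: bytes, with_mdc: bool, random14: bytes = None) -> bytes:
    # 14 random bytes + 2 checksum bytes form the 16-byte "pseudo-IV" prefix.
    r = random14 if random14 is not None else secrets.token_bytes(14)
    body = r + checksum14(r) + plaintext
    if with_mdc:
        body += hashlib.sha1(body).digest()   # MDC covers prefix and plaintext
    return bytes(a ^ b for a, b in zip(body, keystream(key, len(body))))

def decrypt(key: bytes, ciphertext: bytes, with_mdc: bool):
    body = bytes(a ^ b for a, b in zip(ciphertext, keystream(key, len(ciphertext))))
    prefix, rest = body[:16], body[16:]
    # Quick check: a wrong key passes this with probability about 2^-16.
    if checksum14(prefix[:14]) != prefix[14:]:
        return "bad key"
    if not with_mdc:
        return rest                            # packet type 9: no integrity check
    data, mdc = rest[:-20], rest[-20:]
    if hashlib.sha1(prefix + data).digest() != mdc:
        return "modified"                      # MDC catches any tampering
    return data

# Constructed sample inputs for the demonstration.
KEY = hashlib.sha1(b"correct passphrase").digest()[:16]
WRONG_KEY = hashlib.sha1(b"wrong passphrase").digest()[:16]
MESSAGE = b"conventionally encrypted test data"
R14 = bytes(range(14))

if __name__ == "__main__":
    ct = encrypt(KEY, MESSAGE, with_mdc=True, random14=R14)
    print(decrypt(KEY, ct, True))                      # the message
    print(decrypt(WRONG_KEY, ct, True))                # "bad key" (or "modified")
```

The quick check rejects almost every wrong key at the cost of 16 bits of entropy in the prefix; only the MDC detects a change to the body, which is why a type 9 packet without it deserves the notice Werner asks for.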