17 Apr
2003
17 Apr
'03
7:56 p.m.
This is what I feared of, and what I hoped someone from here will figure out sooner... ---------- Forwarded message ---------- Date: Fri, 18 Apr 2003 00:55:10 +0200 (MEST) Subject: [speak-freely] (#62) initialization vector - weak crypto ? From: Speak Freely Forum <sfforum@fourmilab.ch> To: speak-freely@fourmilab.ch Message posted to the Speak Freely Forum by anon on Fri, 18 Apr 2003 00:55:10 +0200 (MEST). http://www.fourmilab.ch/wb/speak-freely.pl?rev=62 It seems that for each CBC packet the same initialization vector 0 is used! This likely weakens the crypto and might enable an attacker to break the encryption: According to rfc2405/rfc2451 the IV in CBC-mode must not be predictable.