
On 9/24/97 8:42 PM, Antonomasia (ant@notatla.demon.co.uk) passed this wisdom:
> reinhold@world.std.com (Arnold Reinhold) wrote:
> > CipherSaber-1 (CS1) uses Ron Rivest's RC4 algorithm as published in the second edition of Bruce Schneier's Applied Cryptography. ....
> > CipherSaber-1 is a symmetric-key file encryption system. Messaging takes place by attaching binary files to e-mail. Because CipherSaber uses a stream cipher, an initialization vector must be used to prevent the same cipher key from being used twice. In encrypted CipherSaber-1 files, a ten byte initialization vector precedes the coded data. For decryption, the initialization vector is read from the file and appended to the user key before the key setup step. ......
> Why not _prepend_ the IV to the key ? As described here any paranoics who use keys > 255 chars won't get the IV in place, and will lose out. I think I'd also force 4 bytes of the IV to be the current time, as a defence against the (P?)RNG getting me a repeated IV eventually.
... same thing occurred to me, though it's easy enough to test the key length and then truncate it at 246, issuing a warning to the user ...

Brian B. Riley --> http://www.macconnect.com/~brianbr
For PGP Keys <mailto:brianbr@together.net?subject=Get%20PGP%20Key>
"The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place." -- Douglas Adams, on Windows '95
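The key-length problem discussed in this thread comes straight from the RC4 key-scheduling loop, which reads only key[i mod keylen] for i in 0..255: once the user key plus the appended ten-byte IV exceeds 256 bytes, the tail of the IV is never read, and at 256 bytes of user key the IV has no effect at all, so every file encrypted under that key reuses one keystream. The following is an added example, not code from CipherSaber or from anyone on the list; it assumes the plain single-pass RC4 key setup from Applied Cryptography (2nd ed.), builds the CS1 file layout (IV followed by ciphertext), counts how many IV bytes are ignored for a given key length, and shows both fixes proposed above: truncating the key to 246 bytes with a warning (Brian's suggestion) and prepending the IV (Antonomasia's). The function and key names are mine, and make_key produces a constructed, deterministic test key.

```python
"""CipherSaber-1 style key setup (user key + 10-byte IV, RC4 KSA/PRGA) and a
check for the key-length issue raised in the thread.  Added example, not
code from the list posts; assumes the plain single-pass RC4 KSA from
Applied Cryptography, 2nd ed."""
import os
import warnings

IV_LEN = 10                    # ten-byte IV precedes the ciphertext in a CS1 file
MAX_USER_KEY = 256 - IV_LEN    # 246: longest key for which every appended IV byte is read


def rc4_ksa(key: bytes) -> list:
    """RC4 key scheduling.  The loop reads only key[i % len(key)] for
    i in 0..255, so a key longer than 256 bytes has its tail ignored."""
    if not key:
        raise ValueError("empty key")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(S: list, n: int) -> bytes:
    """RC4 output generation: n keystream bytes from a scheduled state."""
    S = S[:]                   # work on a copy so the caller's state is untouched
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def cs1_schedule(user_key: bytes, iv: bytes, truncate: bool = False,
                 iv_first: bool = False) -> list:
    """Build the RC4 state the way CipherSaber-1 does (IV appended to the key).
    truncate=True is Brian's proposal: clip the key to 246 bytes and warn.
    iv_first=True is Antonomasia's proposal: prepend the IV instead."""
    if len(iv) != IV_LEN:
        raise ValueError("CipherSaber-1 IV must be exactly 10 bytes")
    if truncate and len(user_key) > MAX_USER_KEY:
        warnings.warn(f"key longer than {MAX_USER_KEY} bytes; truncating so the IV is used")
        user_key = user_key[:MAX_USER_KEY]
    return rc4_ksa(iv + user_key if iv_first else user_key + iv)


def cs1_encrypt(user_key: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    """Return iv || ciphertext.  A fresh random IV is drawn unless one is given."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    ks = rc4_keystream(cs1_schedule(user_key, iv), len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def cs1_decrypt(user_key: bytes, blob: bytes) -> bytes:
    """Read the IV from the front of the file, append it to the key, decrypt."""
    iv, body = blob[:IV_LEN], blob[IV_LEN:]
    ks = rc4_keystream(cs1_schedule(user_key, iv), len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def ignored_iv_bytes(user_key: bytes, truncate: bool = False, iv_first: bool = False) -> int:
    """Count IV byte positions that have no effect on the keystream.
    Each position is flipped in turn; if 256 keystream bytes are unchanged,
    that IV byte was never read by the KSA.  0 is the healthy answer."""
    base_iv = bytes(range(IV_LEN))                 # constructed IV; any value works
    ref = rc4_keystream(cs1_schedule(user_key, base_iv, truncate, iv_first), 256)
    ignored = 0
    for pos in range(IV_LEN):
        flipped = bytearray(base_iv)
        flipped[pos] ^= 0xFF
        ks = rc4_keystream(cs1_schedule(user_key, bytes(flipped), truncate, iv_first), 256)
        if ks == ref:
            ignored += 1
    return ignored


def make_key(n: int) -> bytes:
    """Constructed, non-random test key of n bytes (deterministic so the demo repeats)."""
    return bytes((i * 7 + 3) & 0xFF for i in range(n))


if __name__ == "__main__":
    for n in (200, 246, 247, 256, 300):
        print(f"{n:3d}-byte key: {ignored_iv_bytes(make_key(n))} IV bytes ignored, "
              f"{ignored_iv_bytes(make_key(n), truncate=True)} after truncation, "
              f"{ignored_iv_bytes(make_key(n), iv_first=True)} with IV prepended")
    blob = cs1_encrypt(make_key(32), b"hello, cypherpunks")
    print(cs1_decrypt(make_key(32), blob))
```

Running the script shows the boundary exactly where Brian puts it: a 246-byte key loses no IV bytes, a 247-byte key loses one, and anything from 256 bytes up loses all ten, while either fix brings the count back to zero for every key length. Prepending the IV has the nicer property that no truncation or warning is needed at all. RC4 itself is long obsolete; the point of the check is the key-schedule behaviour, which applies to any construction that keys a cipher by concatenation.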