[cs631apue] SWS encryption questions

Jan Schaumann jschauma at stevens.edu
Mon Dec 19 14:18:56 EST 2011

Simon Sidhom <ssidhom at stevens.edu> wrote:

> I'm working on encryption for the final project and I have run into a
> couple of questions. First, setproctitle(3) is not installed on the linux
> lab as it is a BSD function. Is is sufficient to overwrite the argument in
> argv[key]?

As discussed in class, if done carefully then that is fine.

> My other concern is the initialization vector (IV). On the blowfish
> man page it says that the client needs to know the IV. It also says
> that some applications just use 0 as an IV. As a cyber security major
> I know that using 0 as an IV makes the encryption deterministic and
> therefore vulnerable to chosen plain text attack. Is it ok to look
> past that for the purpose of this assignment and just use 0? Is there
> a better way to let the client know what the IV is?

We discussed that in class, and the manual page elaborates on that.
That is, you generate a session-IV, ECB-encrypt it with the key and
prepend the cyphertext of the session-IV to the cyphertext of the

See the class slides and the provided manual page for more information.


More information about the cs631apue mailing list