[cs631apue] SWS encryption questions
Jan Schaumann
jschauma at stevens.edu
Mon Dec 19 14:18:56 EST 2011
Simon Sidhom <ssidhom at stevens.edu> wrote:
> I'm working on encryption for the final project and I have run into a
> couple of questions. First, setproctitle(3) is not installed on the linux
> lab as it is a BSD function. Is is sufficient to overwrite the argument in
> argv[key]?
As discussed in class, if done carefully then that is fine.
> My other concern is the initialization vector (IV). On the blowfish
> man page it says that the client needs to know the IV. It also says
> that some applications just use 0 as an IV. As a cyber security major
> I know that using 0 as an IV makes the encryption deterministic and
> therefore vulnerable to chosen plain text attack. Is it ok to look
> past that for the purpose of this assignment and just use 0? Is there
> a better way to let the client know what the IV is?
We discussed that in class, and the manual page elaborates on that.
That is, you generate a session-IV, ECB-encrypt it with the key and
prepend the cyphertext of the session-IV to the cyphertext of the
output.
See the class slides and the provided manual page for more information.
-Jan
More information about the cs631apue
mailing list