From: "Brian B. Riley" <brianbr@together.net>
Date: Sat, 27 Sep 1997 12:22:49 +0800
To: <cypherpunks@ssz.com>
Subject: Re: The CipherSaber Manifesto
Message-ID: <199709252040.QAA11837@mx01.together.net>
MIME-Version: 1.0
Content-Type: text/plain



On 9/24/97 8:42 PM, Antonomasia (ant@notatla.demon.co.uk)  passed this 
wisdom:

>reinhold@world.std.com (Arnold Reinhold) wrote:
>
>> CipherSaber-1 (CS1) uses Ron Rivest's RC4 algorithm as published in
>> the second edition of Bruce Schneier's Applied Cryptography. ....
>
>> CipherSaber-1 is a symmetric-key file encryption system. Messaging
>> takes place by attaching binary files to e-mail. Because CipherSaber
>> uses a stream cipher, an initialization vector must be used to prevent
>> the same cipher key from being used twice. In encrypted CipherSaber-1
>> files, a ten byte initialization vector precedes the coded data. For
>> decryption, the initialization vector is read from the file and
>> appended to the user key before the key setup step.  ......
>
>Why not _prepend_ the IV to the key ?  As described here any
>paranoics who use keys > 255 chars won't get the IV in place, and
>will lose out.  I think I'd also force 4 bytes of the IV to be the
>current time, as a defence against the (P?)RNG getting me a repeated IV
>eventually.

  ... same thing occurred to me though its easy enough to test the key 
length and the truncate it at 246 issuing a warning to the user ...



Brian B. Riley --> http://www.macconnect.com/~brianbr
  For PGP Keys  <mailto:brianbr@together.net?subject=Get%20PGP%20Key>

 "The idea that Bill Gates has appeared like a knight in shining     
  armour to lead all customers out of a mire of technological        
  chaos neatly ignores the fact that it was he who, by peddling      
  second-rate technology, led them into it in the first place.       
			-- Douglas Adams, on Windows '95