Re: FCS coming up?

David Brownell (David.Brownell@eng.sun.com)
Wed, 10 Mar 1999 08:55:24 -0800

Date: Wed, 10 Mar 1999 08:55:24 -0800
From: David Brownell <David.Brownell@eng.sun.com>
To: Frank.Yellin@eng.sun.com
Subject: Re: FCS coming up?

Frank Yellin wrote:
>
> Too many built-in classes,
> like SealedObject, save the algorithm parameter is clear text, since they
> know it is needed for decryption.

Ah -- if an object is encrypted with DES, a cleartext IV gives
up all the virtue that was to be derived from an IV! Namely,
to significantly increase the difficulty of a brute force search.

Having IVs in cleartext is the wrong model to follow.

- Dave