  1. Nov 17, 2011
    •
      Ignore expected IVs that arrive by the wrong transport. · 66d973bc
      akwizgran authored
      This prevents an attacker from replaying connections to test whether a
      transport endpoint has the same owner as an endpoint on another
      transport (e.g. probing a Bluetooth device to see whether it has the
      same owner as a given internet host).
    •
      The KDF was using CTR mode unsafely. · 13ebd369
      akwizgran authored
      The data to be encrypted should go in the IV, with a blank
      plaintext, so that the ciphertext is equal to the keystream.
      
      Putting the data in the plaintext would have led to different keys
      derived from the same source consisting of the same keystream XORed
      with different guessable plaintexts. That would have been bad.
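The difference between the two constructions the commit message describes, as an added example that is not part of the commit or the project's code: CTR mode is simulated with a stdlib stand-in block function (HMAC-SHA256 truncated to one block, standing in for a real block cipher such as AES, which is an assumption of this demo, not the project's cipher), and the key, the input data and the function names `kdf_fixed` / `kdf_broken` are constructed for illustration. The fixed form puts the data in the IV and "encrypts" a blank plaintext, so the output is exactly the keystream; the broken form keeps a fixed IV and puts the data in the plaintext, so two keys derived from the same source are the same keystream XORed with two different inputs, and their XOR is just the XOR of the inputs.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit blocks, as for AES


def block_cipher(key: bytes, block: bytes) -> bytes:
    # Stand-in for a 128-bit block cipher so the demo runs on the stdlib alone.
    # HMAC-SHA256 truncated to one block behaves as a PRF, which is all CTR mode
    # needs for this demonstration; it is NOT AES and not the project's cipher.
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ctr_keystream(key: bytes, iv: bytes, nbytes: int) -> bytes:
    # CTR mode keystream: block i is E_k(IV + i), with the counter taken mod 2^128.
    counter = int.from_bytes(iv, "big")
    out = bytearray()
    i = 0
    while len(out) < nbytes:
        ctr_block = ((counter + i) % (1 << 128)).to_bytes(BLOCK, "big")
        out += block_cipher(key, ctr_block)
        i += 1
    return bytes(out[:nbytes])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CTR encryption is plaintext XOR keystream.
    return xor(plaintext, ctr_keystream(key, iv, len(plaintext)))


def data_to_iv(data: bytes) -> bytes:
    # The fixed KDF puts the data to be "encrypted" into the one-block-wide IV.
    if len(data) > BLOCK:
        raise ValueError("data must fit in one block")
    return data.ljust(BLOCK, b"\0")


def kdf_fixed(key: bytes, data: bytes, length: int) -> bytes:
    # Data in the IV, blank (all-zero) plaintext: the ciphertext IS the keystream.
    return ctr_encrypt(key, data_to_iv(data), bytes(length))


def kdf_broken(key: bytes, data: bytes, length: int) -> bytes:
    # Fixed (all-zero) IV, data as plaintext: every derived key is the SAME
    # keystream XORed with a different, guessable input.
    return ctr_encrypt(key, bytes(BLOCK), data.ljust(length, b"\0")[:length])


def relation_leaks(key: bytes, data_a: bytes, data_b: bytes, length: int):
    # Returns (broken_leaks, fixed_leaks): whether key_a XOR key_b equals
    # data_a XOR data_b for each construction. True means that anyone who knows
    # one derived key and can guess both inputs gets the other key for free.
    want = xor(data_a.ljust(length, b"\0")[:length], data_b.ljust(length, b"\0")[:length])
    broken = xor(kdf_broken(key, data_a, length), kdf_broken(key, data_b, length)) == want
    fixed = xor(kdf_fixed(key, data_a, length), kdf_fixed(key, data_b, length)) == want
    return broken, fixed


if __name__ == "__main__":
    # Constructed sample values; not from the project.
    master = b"constructed 32-byte master key!!"
    a, b = b"transport-1", b"transport-2"
    print("broken KDF leaks input relation:", relation_leaks(master, a, b, 32)[0])
    print("fixed  KDF leaks input relation:", relation_leaks(master, a, b, 32)[1])
```

One caveat worth keeping in mind with the fixed form: because the data sits in the counter, two inputs that differ only by a small integer increment in the low-order bytes produce keystreams that overlap once more than one block is derived per input. Deriving a single block per input, or placing the data in the high-order bytes of the IV, avoids that.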