Date: Wed, 10 Mar 1999 08:55:24 -0800
From: David Brownell <David.Brownell@eng.sun.com>
To: Frank.Yellin@eng.sun.com
Subject: Re: FCS coming up?
Frank Yellin wrote:
>
> Too many built-in classes,
> like SealedObject, save the algorithm parameter is clear text, since they
> know it is needed for decryption.
Ah -- if an object is encrypted with DES, a cleartext IV gives
up all the virtue that was to be derived from an IV! Namely,
to significantly increase the difficulty of a brute force search.
Having IVs in cleartext is the wrong model to follow.
- Dave