[OTR-dev] Forward secrecy/deniability for long messages with low overhead

Ileana ileana at fairieunderground.info
Fri Feb 22 15:44:54 EST 2013


On Fri, 22 Feb 2013 14:47:14 -0300
Sergio Lerner <sergiolerner at certimix.com> wrote:

> BUFFER1[0]=IVK1
> BUFFER1[i] =Hash(BUFFER1[i-1])
> 
> BUFFER2[0]=IVK2
> BUFFER2[i] =Hash(BUFFER2[i-1])
> 
> Encryption: C = AES(EK,BUFFER1[i] XOR BUFFER2[i]) XOR P

And also the security of the hash concatenation in this case provides
no greater security/entropy than the highest hash...in particular
the XOR in this case reduces effective randomness of the hash, by
creating a separate function f(i) = hash(yi) xor hash(zi), where y
and z are dependent values...so why two hash buffers?  The value of XOR
of two non-random data values further decreases the entropy?
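
The quoted construction written out in Go, as an added example that is not code from the thread. Assumptions not stated in the post: Hash is SHA-256, EK is an AES-128 key, the XOR of the two chain values is truncated to one 16-byte AES block, and i starts at 1. It also checks the degenerate case where the two chains are identical, so every AES input is zero and the keystream block repeats.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"fmt"
)

// Crypt applies C = AES(EK, BUFFER1[i] XOR BUFFER2[i]) XOR P block by block.
// XOR is its own inverse, so the same call decrypts.
// Assumed here (not in the post): SHA-256, AES-128, XOR truncated to 16 bytes.
func Crypt(ek, ivk1, ivk2, in []byte) ([]byte, error) {
	blk, err := aes.NewCipher(ek)
	if err != nil {
		return nil, err
	}
	b1, b2 := ivk1, ivk2 // BUFFERn[0] = IVKn
	out := make([]byte, len(in))
	ks := make([]byte, aes.BlockSize)
	for off := 0; off < len(in); off += aes.BlockSize {
		h1, h2 := sha256.Sum256(b1), sha256.Sum256(b2) // BUFFERn[i] = Hash(BUFFERn[i-1])
		b1, b2 = h1[:], h2[:]
		for j := range ks {
			ks[j] = b1[j] ^ b2[j]
		}
		blk.Encrypt(ks, ks) // in-place: dst and src overlap entirely
		for j := 0; j < aes.BlockSize && off+j < len(in); j++ {
			out[off+j] = in[off+j] ^ ks[j]
		}
	}
	return out, nil
}

// KeystreamRepeats encrypts 32 zero bytes (so the output is the raw keystream)
// and reports whether keystream blocks 1 and 2 are identical.
func KeystreamRepeats(ek, ivk1, ivk2 []byte) bool {
	c, err := Crypt(ek, ivk1, ivk2, make([]byte, 2*aes.BlockSize))
	return err == nil && bytes.Equal(c[:aes.BlockSize], c[aes.BlockSize:])
}

func main() {
	ek := []byte("0123456789abcdef") // constructed 16-byte key
	a, b := []byte("constructed-ivk1"), []byte("constructed-ivk2")
	fmt.Println("distinct IVKs, keystream repeats:", KeystreamRepeats(ek, a, b))
	fmt.Println("equal IVKs, keystream repeats:   ", KeystreamRepeats(ek, a, a))
}
```

Because XOR is commutative, swapping IVK1 and IVK2 produces the same ciphertext, so the construction does not distinguish the two chains.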



