On Mon, Feb 22, 2010 at 08:45:47AM +0800, Herbert Xu wrote:
>
> How about this? You extend the IV by one more byte, and use that
> byte as a boolean flag to indicate whether the IV is valid. All
> users that cannot supply their own IVs can then set the IV to zero.
>
> When you see the zero flag in the IV, you reinitialise the IV per
> the key.

In fact for arc4 we could just drop the key altogether since it
plays no part after setting the initial state.

> > salsa also does not stick to plan here. ctx->input[6-9] is initialized
> > in encrypt() path. So two threads sharing a ctx are going to clobber
> > their state.
>
> Salsa should also be fixed.

For Salsa on the other hand the key is rather useful since all we
need is a two-byte IV that's just a sequence number.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
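The design sketched in this thread, as an added user-space illustration that is not Herbert Xu's code and not the Linux kernel's arc4 implementation: the shared key context holds nothing but the key, the whole mutable stream state travels in a per-request "IV" structure, and one extra flag byte (`valid`, an assumed name) tells the cipher whether that IV has been initialised yet. A caller that cannot supply an IV zeroes the structure, and the cipher reinitialises it from the key on first use. Because no request-specific state lives in the shared context, two callers using the same key context with separate IVs cannot clobber each other's stream position, which is exactly the hazard the quoted salsa `ctx->input[6-9]` remark describes. The struct and function names (`arc4_key_ctx`, `arc4_iv`, `arc4_crypt`) are assumptions for this example; the RC4 key-setup and keystream loops are the standard textbook ones, and the "Key"/"Plaintext" known-answer vector used for checking is the widely published one.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Long-lived, shareable key context: the key only, no per-stream state.
 * (Example code; names are assumptions, not the kernel's arc4 API.) */
struct arc4_key_ctx {
    uint8_t key[256];
    size_t keylen;
};

/* Per-request "IV": the complete RC4 stream state plus the extra flag byte
 * proposed in the thread. valid == 0 means "no IV supplied, reinitialise
 * from the key"; a caller that has no IV can simply memset this to zero. */
struct arc4_iv {
    uint8_t S[256];
    uint8_t i, j;
    uint8_t valid;
};

static void arc4_setkey(struct arc4_key_ctx *ctx, const uint8_t *key, size_t keylen)
{
    memcpy(ctx->key, key, keylen);
    ctx->keylen = keylen;
}

/* Key-scheduling algorithm: derive the initial state from the key and mark
 * the IV valid. After this point the key is not consulted again. */
static void arc4_iv_init(struct arc4_iv *iv, const struct arc4_key_ctx *ctx)
{
    unsigned j = 0;
    for (unsigned i = 0; i < 256; i++)
        iv->S[i] = (uint8_t)i;
    for (unsigned i = 0; i < 256; i++) {
        j = (j + iv->S[i] + ctx->key[i % ctx->keylen]) & 0xff;
        uint8_t t = iv->S[i]; iv->S[i] = iv->S[j]; iv->S[j] = t;
    }
    iv->i = 0;
    iv->j = 0;
    iv->valid = 1;
}

/* Encrypt/decrypt in place. Every byte of mutable state is read from and
 * written back to *iv, so concurrent requests sharing ctx but holding
 * separate ivs are independent. */
static void arc4_crypt(const struct arc4_key_ctx *ctx, struct arc4_iv *iv,
                       uint8_t *buf, size_t len)
{
    if (!iv->valid)
        arc4_iv_init(iv, ctx);
    uint8_t i = iv->i, j = iv->j;
    for (size_t n = 0; n < len; n++) {
        i = (uint8_t)(i + 1);
        j = (uint8_t)(j + iv->S[i]);
        uint8_t t = iv->S[i]; iv->S[i] = iv->S[j]; iv->S[j] = t;
        buf[n] ^= iv->S[(uint8_t)(iv->S[i] + iv->S[j])];
    }
    iv->i = i;
    iv->j = j;
}

/* Known-answer check: key "Key", plaintext "Plaintext" must give
 * BB F3 16 E8 D9 40 AF 0A D3. Returns 1 on match. */
static int arc4_known_answer(void)
{
    static const uint8_t expect[9] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    struct arc4_key_ctx ctx;
    struct arc4_iv iv;
    uint8_t buf[9];
    arc4_setkey(&ctx, (const uint8_t *)"Key", 3);
    memset(&iv, 0, sizeof iv);             /* "no IV": flag byte is zero */
    memcpy(buf, "Plaintext", 9);
    arc4_crypt(&ctx, &iv, buf, 9);
    return memcmp(buf, expect, 9) == 0;
}

/* Two requests share one ctx but carry their own IVs. Request A encrypts in
 * two pieces (state carried between calls by its IV), request B encrypts in
 * one go; interleaving them must not disturb either result. Returns 1 if
 * both outputs equal the known answer. */
static int arc4_independent_streams(void)
{
    static const uint8_t expect[9] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    struct arc4_key_ctx ctx;
    struct arc4_iv iva, ivb;
    uint8_t a[9], b[9];
    arc4_setkey(&ctx, (const uint8_t *)"Key", 3);
    memset(&iva, 0, sizeof iva);
    memset(&ivb, 0, sizeof ivb);
    memcpy(a, "Plaintext", 9);
    memcpy(b, "Plaintext", 9);
    arc4_crypt(&ctx, &iva, a, 5);          /* A: first 5 bytes            */
    arc4_crypt(&ctx, &ivb, b, 9);          /* B: whole message, interleaved */
    arc4_crypt(&ctx, &iva, a + 5, 4);      /* A: continues from its own IV */
    return memcmp(a, expect, 9) == 0 && memcmp(b, expect, 9) == 0;
}

int main(void)
{
    printf("known answer: %s\n", arc4_known_answer() ? "ok" : "FAIL");
    printf("independent streams: %s\n", arc4_independent_streams() ? "ok" : "FAIL");
    return 0;
}
```

The same shape applies to the Salsa case in the thread: the key stays in the shared context because it is needed for every block, and only the nonce/counter words (the `ctx->input[6-9]` slots mentioned above) would move into the per-request IV, so that concurrent users of one context never write into each other's state.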