Beating a dead horse

Frank Yellin (fy@awe181-20.Sun.COM)
Tue, 9 Mar 1999 20:19:57 -0800

Message-Id: <199903100419.UAA00472@awe181-20.>
To: java-security@java.sun.com

I'm sorry to be beating a dead horse, but an interesting problem occurred
to me as I was driving home this evening:

According to what I've been told in the last couple of days,

A.  cipher = Cipher.getInstance("DES/ECB/...");
    cipher.init(ENCRYPT_MODE, secretKey);

is allowed to use randomly generated values, or implementation specific
values, to initialize any part of the cipher that hasn't been specified,
such as the IV.

In the documentation for key exchange among two parties:

B.  Alice and Bob can share a secret key by performing
    a Diffie-Hellman key exchange, and then each . . . .

        desCipher = Cipher.getInstance("DES/ECB/....");
        desKey = keyAgreement.generateKey("DES");
        desCipher.init(ENCRYPT_MODE, desKey);

[This is right out of the code example.]

The documentation says absolutely nothing about Alice needing to give
Bob her cipher.getParameters() information.

Yet according to (A) above, there is absolutely no reason to believe that
Alice and Bob have the same desCipher, since each >>could<< be initialized
with a random IV.

There's clearly an implicit assumption that any cipher that allows key
exchange must also not have any randomly generated values or implementation
specific values.

If this implicit assumption is wrong, then the documentation needs to be
clearer about the fact that Alice and Bob need to do a bit more sharing
than most users would expect.

[Remember, this all got started because I was surprised that
    cipher = Cipher.getInstance("DES/OFB8/....");
    cipher.init(DECRYPT_MODE, key);
didn't do the obvious thing.]

== Frank
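
The sharing problem raised in this message, as an added example that is not part of the original post or of the JCE documentation it quotes. It assumes the transformation `DES/CBC/PKCS5Padding` (chosen because CBC is a mode that takes an IV), a hypothetical class name `SharedIvDemo`, and a single `KeyGenerator` key standing in for the key both parties would derive from the Diffie-Hellman agreement.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;

public class SharedIvDemo {
    // Assumption: a mode that takes an IV, so the effect is visible.
    static final String TRANSFORMATION = "DES/CBC/PKCS5Padding";

    public static void main(String[] args) throws GeneralSecurityException {
        // Stand-in for the secret key Alice and Bob both derive from key agreement.
        SecretKey sharedKey = KeyGenerator.getInstance("DES").generateKey();

        // Alice supplies only the key, so the provider picks the IV for her.
        Cipher alice = Cipher.getInstance(TRANSFORMATION);
        alice.init(Cipher.ENCRYPT_MODE, sharedKey);
        byte[] aliceIv = alice.getIV();
        byte[] ciphertext = alice.doFinal(
                "constructed sample message".getBytes(StandardCharsets.UTF_8));

        // A second cipher initialized the same way gets its own IV,
        // so "same key" does not imply "same cipher state".
        Cipher second = Cipher.getInstance(TRANSFORMATION);
        second.init(Cipher.ENCRYPT_MODE, sharedKey);
        System.out.println("IVs equal across two inits: "
                + Arrays.equals(aliceIv, second.getIV()));

        // Bob with the key alone: the provider has no IV to decrypt with.
        Cipher bobKeyOnly = Cipher.getInstance(TRANSFORMATION);
        try {
            bobKeyOnly.init(Cipher.DECRYPT_MODE, sharedKey);
            System.out.println("key-only DECRYPT_MODE init was accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("key-only DECRYPT_MODE init rejected: " + e.getMessage());
        }

        // Bob with the key plus the IV Alice sent alongside the ciphertext.
        Cipher bob = Cipher.getInstance(TRANSFORMATION);
        bob.init(Cipher.DECRYPT_MODE, sharedKey, new IvParameterSpec(aliceIv));
        System.out.println("recovered: "
                + new String(bob.doFinal(ciphertext), StandardCharsets.UTF_8));
    }
}
```

The IV is not secret, so it can travel in the clear with the ciphertext; what matters is that the receiver initializes with the sender's value rather than relying on a provider default.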