Slide 50
Slide 50 text
© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
D(k, 0) ^ c[0]
50
D(k,⋅) D(k,⋅)
D(k, c[0]) ^ k D(k, c[0]) ^ 0
⊕
⊕
D(k,⋅)
⊕
c[0] 0 c[0]
IV=Key
D(k,⋅)
p[0] p[1] p[2]
⊕
D(k,⋅)
⊕
D(k,⋅)
⊕
IV = Key
To recover the key, just XOR the first and third unencrypted bytes:
p’[0] ^ p’[2] = D(k, c[0]) ^ k ^ D(k, c[0]) ^ 0 = k