
Re: Internet Protocol Security Protocol (ipsec)



At  9:44 AM 6/29/93 +1000, Bob Smart wrote:
...

>If everyone else on this list is familiar with the phrase "unpredictable
>error propagation" then obviously I'm a bit behind
...
>Let me guess. Unpredictable error propagation means that if someone
>changes a bit in a packet then the decrypted stream will not just
>be temporarily wrong but will stay completely wrong from then on.
>This increases the chance that the underlying process will die
>rather than do something subtly wrong.

>Bob Smart

Bob,

Steve Bellovin has already replied to you about this, but I thought a
little more background might be useful to you or other people on the list:


DES specifies the Data Encryption Algorithm (DEA).  DEA uses a 64-bit key,
of which 56 bits are independently chosen and 8 are parity bits, to
encipher or decipher a 64-bit block, mapping it into another 64-bit block.

There are four standard methods, or *modes*, for incorporating DES in a
cryptographic system; two are block methods and two are stream methods
[FIPS81].  In *block encipherment* methods, the input to the algorithm is
the cleartext block to be enciphered, and the output is a ciphertext block.
*Stream encipherment* methods use the algorithm to generate a stream of
pseudo-random bits, and then use the exclusive-OR operation to combine that
stream with the cleartext input stream, yielding the ciphertext output
stream.

The DES block modes are Electronic Codebook (ECB) mode, which separately
enciphers each cleartext block as specified in DEA, and Cipher Block
Chaining (CBC) mode, which exclusive-ORs each ciphertext output block with
the next cleartext block to form the next input block.  ECB mode is not
recommended for use in enciphering user data because, for example, data
patterns aligned on 8-byte boundaries are easily discerned in this mode. 
Instead, ECB mode should be used only for encipherment of keys or IVs.  The
chaining in CBC mode avoids the block alignment problem, so that CBC is
suitable for direct encipherment of user data.  Both modes provide
unpredictable error extension within an 8-byte block.  CBC provides some
further (but predictable) error propagation, because the chaining of blocks
causes a ciphertext bit change to be extended over additional cleartext
bits when the chained block is deciphered.  This feature can help protect
against active wiretapping.  The DES stream modes are Cipher Feedback (CFB)
mode, which also uses chaining and causes unpredictable error extension,
and Output Feedback (OFB) mode, which does not.

[FIPS46]  U.S. Department of Commerce, *Data Encipherment Standard*, FIPS
[Federal Information Processing Standards Publication] 46, 15 January 1977.

[FIPS81]  -----, *DES Modes of Operation*, FIPS 81, 2 December 1980.
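
The error behaviour of the four modes described in the message above, as an added example that is not part of the original message: it flips one ciphertext bit and counts the changed bits in each decrypted 8-byte block. Assumptions: the block cipher is a stand-in 8-round Feistel network built on SHA-256 (not DEA, which the Python standard library does not provide), CFB uses full 64-bit feedback, and the key, IV, cleartext and all function names are constructed for the illustration.

```python
import hashlib

BS = 8  # 64-bit block, the same size DEA uses

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in cipher (assumption: this is NOT DES)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def block(key, blk, decrypt=False):
    # Encipher or decipher one 8-byte block with an 8-round Feistel network
    l, r = blk[:4], blk[4:]
    for rnd in (reversed(range(8)) if decrypt else range(8)):
        l, r = r, _xor(l, _f(key, rnd, r))
    return r + l

def crypt(mode, key, iv, data, decrypt=False):
    out, prev = [], iv
    for b in (data[i:i + BS] for i in range(0, len(data), BS)):
        if mode == "ECB":    # each block enciphered separately
            o = block(key, b, decrypt)
        elif mode == "CBC":  # previous ciphertext block XORed into cleartext
            o = _xor(block(key, b, True), prev) if decrypt else block(key, _xor(b, prev))
            prev = b if decrypt else o
        elif mode == "CFB":  # keystream derived from previous ciphertext block
            o = _xor(b, block(key, prev))
            prev = b if decrypt else o
        else:                # OFB: keystream independent of the data
            prev = block(key, prev)
            o = _xor(b, prev)
        out.append(o)
    return b"".join(out)

def error_profile(mode, flip_block=1):
    # Returns, per cleartext block, how many bits the deciphered output got wrong
    key, iv = b"constructed-key", b"\x00" * BS    # constructed sample values
    pt = b"BLOCK-00BLOCK-01BLOCK-02BLOCK-03"       # four constructed 8-byte blocks
    ct = bytearray(crypt(mode, key, iv, pt))
    ct[flip_block * BS] ^= 0x01                    # one ciphertext bit changed in transit
    diff = _xor(pt, crypt(mode, key, iv, bytes(ct), decrypt=True))
    return [sum(bin(x).count("1") for x in diff[i:i + BS]) for i in range(0, len(diff), BS)]

if __name__ == "__main__":
    for m in ("ECB", "CBC", "CFB", "OFB"):
        print(m, error_profile(m))
```

A block showing many changed bits is the unpredictable extension within an 8-byte block; a block showing exactly one changed bit is the predictable, position-preserving change.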