Re: Granularity of authentication in swIPe

[ashar@miraj.firstperson.com (Ashar Aziz)]

>From: Phil Karn <karn@qualcomm.com>
>From ipsec-request@ans.net Thu Jun 23 14:53:41 1994
>Seems to me that if I were so stupid as to actually want to use
>Skipjack for IP packet encryption, I could program the chip to operate
>in ECB mode and do my own cipher block chaining in software. In this case
>the IPSEC sequence field automatically acts as an IV.
>
>Now if my understanding is correct that it takes 50ms to initialize
>the IV in a Capstone chip just so I can have it do CBC in hardware,
>then I couldn't handle more than 20 packets per second, which is
>pretty abysmal.

Is there any reason why one couldn't perfom CBC across packets,
by using the last block-size bits of the last encrypted packet as
the "IV" for the next? Instead of generating a new pseudo-random
IV for every packet?

This way, if packets came in sequence, there would be no
need to re-load the IV into the crypto hardware. Only if
packets came out of sequence would this need to be done.

Assuming, of course, that the crypto hardware allows this
sort of streaming of input data; namely load (key, iv),
decrypt pkt, decrypt pkt, etc.

Ashar.

---

Follow-Ups:

• Re: Granularity of authentication in swIPe
• From: Steve Kent <kent@BBN.COM>

---

• Prev by Date: Re: Granularity of authentication in swIPe
• Next by Date: Re[4]: Granularity of authentication in swIPe
• Prev by thread: Re: Granularity of authentication in swIPe
• Next by thread: Re: Granularity of authentication in swIPe
• Index(es):
  • Main
  • Thread