
IVs



How about inserting two or maybe four bytes of "confounder", a la Kerberos,
before the actual packet, and throwing them away after decryption?  Minimal
overhead, and they can be essentially random.

If a single PRNG is used to seed all the packets going out of an IPSP box,
the confounders will be even more random if it's talking to more than one
place...

_H*
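
The confounder proposal above, as an added example that is not part of the original post: CBC under a fixed IV maps identical packets to identical ciphertext, and a 4-byte random prefix that the receiver discards breaks that. The block cipher is a toy Feistel construction built from SHA-256, standing in for a 64-bit cipher; the key, the all-zero IV and the names seal/unseal are assumptions made for illustration.

```python
import hashlib, os

BLOCK = 8           # 64-bit block, as with the DES-class ciphers of the period
CONFOUNDER_LEN = 4  # "two or maybe four bytes" in the post; four used here
KEY, IV = b"constructed-key", bytes(BLOCK)  # constructed key, fixed all-zero IV

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the toy Feistel cipher (a stand-in, NOT a real cipher).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, data):
    pad = BLOCK - len(data) % BLOCK          # pad with N bytes of value N
    data += bytes([pad]) * pad
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out += _xor(dec_block(key, blk), prev)
        prev = blk
    return out[:-out[-1]]                    # strip the padding

def seal(key, iv, packet, rng=os.urandom):
    # Sender: prepend the random confounder, then encrypt as usual.
    return cbc_encrypt(key, iv, rng(CONFOUNDER_LEN) + packet)

def unseal(key, iv, ct):
    # Receiver: decrypt, then throw the confounder away.
    return cbc_decrypt(key, iv, ct)[CONFOUNDER_LEN:]
```

Because the confounder sits in the first cipher block, any difference in it changes every following ciphertext block through the CBC chaining. With only 32 random bits, two packets can be expected to share a confounder after on the order of 2^16 packets under one key, and those two would again encrypt identically if their contents match.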

