[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Size of IV field in DES-CBC mode

To: karn@qualcomm.com
Subject: Re: Size of IV field in DES-CBC mode
From: uri@watson.ibm.com
Date: Mon, 19 Dec 1994 13:33:10 -0500 (EST)
Cc: ipsec@ans.net
In-Reply-To: <199412191048.CAA01748@unix.ka9q.ampr.org> from "Phil Karn" at Dec 19, 94 02:48:13 am
Reply-To: uri@watson.ibm.com

Phil Karn says:
> Do we really need a full 8 bytes for the IV field in the baseline
> DES-CBC mode? 4 bytes would be enough to maintain 32-bit alignment of
> the next-layer transport header (e.g., TCP, UDP or IP). And if these 4
> bytes are mapped properly into the actual 8-byte DES IV field they
> should do an acceptable job of ensuring that every packet ciphertext
> is completely different even when the corresponding plaintext begins
> with constant values (e.g., TCP or UDP port numbers).

I'd say 4 bytes is enough. And if needed - they can be mapped onto
8 bytes (expanded) relatively cheaply.
--
Regards,
Uri         uri@watson.ibm.com      N2RIU
-----------
<Disclamer>

References:

Size of IV field in DES-CBC mode

From: Phil Karn <karn@unix.ka9q.ampr.org>

Prev by Date: Re[2]: Human I&A, IPsec, and their non-relationship
Next by Date: Re: Clarification: NRP's licensing status & IKMP
Prev by thread: Re: Size of IV field in DES-CBC mode
Next by thread: Re: Size of IV field in DES-CBC mode
Index(es):
- Main
- Thread