[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Size of IV field in DES-CBC mode

To: uri@watson.ibm.com, karn@qualcomm.com
Subject: Re: Size of IV field in DES-CBC mode
From: hughes@hughes.network.com (James P Hughes)
Date: Mon, 19 Dec 1994 13:15:49 -0600
Cc: ipsec@ans.net

At  1:33pm 12/19/94 -0500, uri@watson.ibm.com wrote:
>Phil Karn says:
>> Do we really need a full 8 bytes for the IV field in the baseline
>> DES-CBC mode? 4 bytes would be enough to maintain 32-bit alignment of
>> the next-layer transport header (e.g., TCP, UDP or IP). And if these 4
>> bytes are mapped properly into the actual 8-byte DES IV field they
>> should do an acceptable job of ensuring that every packet ciphertext
>> is completely different even when the corresponding plaintext begins
>> with constant values (e.g., TCP or UDP port numbers).

What this means is that the number of packets until there are 2 with the
same IV is 65K packets. 2 packets with the same IV is not necessarily a
problem.


Jim

----------------------
James P Hughes <hughes@hughes.network.com>
Key fingerprint =  68 E7 D5 75 3C 88 86 71  D4 34 36 C3 8E DD 48 17

Follow-Ups:

Re: Size of IV field in DES-CBC mode

From: "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.tay.dec.com>

Prev by Date: Re: key management
Next by Date: Re: Re[2]: Size of IV field in DES-CBC mode
Prev by thread: Re: Re[2]: Size of IV field in DES-CBC mode
Next by thread: Re: Size of IV field in DES-CBC mode
Index(es):
- Main
- Thread