
Re: Size of IV field in DES-CBC mode




2**16 = 65K
2**32 = 4 gig

If it would be a good thing to pad the IV to 8 bytes with the source
address for multicast, why not always do that?  (And actually, since I
think we should make some effort for commonality with IPv6, just say
it's the "bottom 4 bytes" of the source address.)

Donald


From:  hughes@hughes.network.com (James P Hughes)
To:  uri@watson.ibm.com, karn@qualcomm.com
Cc:  ipsec@ans.net
>At  1:33pm 12/19/94 -0500, uri@watson.ibm.com wrote:
>>Phil Karn says:
>>> Do we really need a full 8 bytes for the IV field in the baseline
>>> DES-CBC mode? 4 bytes would be enough to maintain 32-bit alignment of
>>> the next-layer transport header (e.g., TCP, UDP or IP). And if these 4
>>> bytes are mapped properly into the actual 8-byte DES IV field they
>>> should do an acceptable job of ensuring that every packet ciphertext
>>> is completely different even when the corresponding plaintext begins
>>> with constant values (e.g., TCP or UDP port numbers).
>
>What this means is that the number of packets until there are 2 with the
>same IV is 65K packets. 2 packets with the same IV is not necessarily a
>problem.
>
>
>Jim
>
>----------------------
>James P Hughes <hughes@hughes.network.com>
>Key fingerprint =  68 E7 D5 75 3C 88 86 71  D4 34 36 C3 8E DD 48 17
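
Added example, not part of the original messages: a Python sketch that works out the birthday figures behind the 2**16 and 2**32 numbers above and compares a bare 4-byte IV field with an 8-byte IV padded with the bottom 4 bytes of the source address. Assumptions: the 4-byte field is drawn uniformly at random, the field occupies the first half of the IV, and the addresses are constructed sample values from documentation ranges.

```python
import ipaddress
import math
import random

def collision_probability(iv_bits, packets):
    """Birthday estimate: chance that `packets` uniformly random IVs contain a repeat."""
    return -math.expm1(-packets * (packets - 1) / 2 / 2**iv_bits)

def packets_for_probability(iv_bits, p=0.5):
    """Smallest packet count whose estimated repeat probability reaches p."""
    target = -2 * 2**iv_bits * math.log1p(-p)   # need k*(k-1) >= target
    return math.ceil(0.5 + math.sqrt(0.25 + target))

def padded_iv(field4, source):
    """8-byte IV: the 4-byte wire field, then the bottom 4 bytes of the source
    address. The order of the two halves is an assumption of this example."""
    return field4 + ipaddress.ip_address(source).packed[-4:]

def repeats(ivs):
    """Number of IVs that duplicate an earlier one in the list."""
    return len(ivs) - len(set(ivs))

def simulate(sources, packets_each, seed=1994):
    """Senders sharing one key, each drawing a random 4-byte field per packet.
    Returns (repeats with the bare field, repeats with the padded IV)."""
    rng = random.Random(seed)   # seeded so the run is repeatable
    bare, padded = [], []
    for src in sources:
        for _ in range(packets_each):
            field = rng.getrandbits(32).to_bytes(4, "big")
            bare.append(field)
            padded.append(padded_iv(field, src))
    return repeats(bare), repeats(padded)

if __name__ == "__main__":
    for bits in (32, 64):
        print(bits, "bit IV: 50% repeat chance after",
              packets_for_probability(bits), "packets")
    print("P(repeat) at 65536 packets, 32-bit IV:",
          round(collision_probability(32, 65536), 4))
    # Constructed addresses; one shared multicast group key is assumed.
    group = ["192.0.2.1", "192.0.2.2", "2001:db8::a00:1", "2001:db8::a00:2"]
    print("bare vs padded repeats, 4 senders:", simulate(group, 100_000))
    print("bare vs padded repeats, 1 sender: ", simulate(group[:1], 200_000))
```

With a single sender the two repeat counts are always equal, because the address half of the IV is constant; the padding only separates IVs chosen by different senders under the same key.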

