[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Address as IV [was] Size of IV field in DES-CBC mode
Paul: That's a good point.
Uri: How much of a security gain do you really see from using a 64 bit
extract of the MD5 of this 32 bit quantity instead of, for example,
just duplicating the 32 bits in each half of the IV?
Donald
From: Paul_Lambert-P15452@email.mot.com
To: dee
Cc: ipsec@ans.net
>
>Donald,
>
>Violating protocol layering is usually a bad idea. Environments exist where an
>end-system address may not follow the SAID end-to-end. IP addresses are
>supposed to be end-to-end, but many real systems translate the addresses.
>
>Your proposed approach will not work for IPv4. Is this a problem for IPv6?
>
>Paul
>_______________________________________________________________________________
>Subject: Re: Size of IV field in DES-CBC mode
>Author: dee@skidrow.tay.dec.com@INTERNET
>Date: 12/19/94 2:02 PM
>
>X-Mts: smtp
>
>
>2**16 = 65K
>2**32 = 4 gig
>
>If it would be a good thing to pad the IV to 8 bytes with the source
>address for multicast, why not always do that? (And actually, since I
>think we should make some effort for commonality with IPv6, just say
>its the "bottom 4 bytes" of the source address.)
>
>Donald
Follow-Ups:
References: