
Re: Address as IV [was] Size of IV field in DES-CBC mode




Paul:  That's a good point.

Uri: How much of a security gain do you really see from using a 64 bit
extract of the MD5 of this 32 bit quantity instead of, for example,
just duplicating the 32 bits in each half of the IV?

Donald

From:  Paul_Lambert-P15452@email.mot.com
To:  dee
Cc:  ipsec@ans.net
>
>Donald,
>
>Violating protocol layering is usually a bad idea.  Environments exist where an 
>end-system address may not follow the SAID end-to-end.  IP addresses are 
>supposed to be end-to-end, but many real systems translate the addresses.  
>
>Your proposed approach will not work for IPv4.  Is this a problem for IPv6?
>
>Paul
>_______________________________________________________________________________
>Subject: Re: Size of IV field in DES-CBC mode
>Author:  dee@skidrow.tay.dec.com@INTERNET
>Date:    12/19/94  2:02 PM
>
>X-Mts: smtp
>
>
>2**16 = 65K
>2**32 = 4 gig
>
>If it would be a good thing to pad the IV to 8 bytes with the source
>address for multicast, why not always do that?  (And actually, since I
>think we should make some effort for commonality with IPv6, just say
>it's the "bottom 4 bytes" of the source address.)
>
>Donald
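
The two IV constructions compared in this thread, as an added example that is not part of any poster's message: it builds a 64-bit IV from a 32-bit value both ways and measures how many IV bits change between neighbouring inputs, which matters because CBC XORs the IV into the first plaintext block. Assumptions: the 32-bit value is packed big-endian, the "64 bit extract" is the first 8 bytes of the MD5 digest, and the sample values are constructed.

```python
import hashlib
import struct

def iv_duplicate(q: int) -> bytes:
    """Copy the 32-bit value into both halves of the 64-bit IV."""
    half = struct.pack(">I", q & 0xFFFFFFFF)
    return half + half

def iv_md5_extract(q: int) -> bytes:
    """64 bits of MD5(q); taking the first 8 digest bytes is an assumption."""
    return hashlib.md5(struct.pack(">I", q & 0xFFFFFFFF)).digest()[:8]

def hamming(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def mean_adjacent_distance(make_iv, start: int, count: int) -> float:
    """Average number of IV bits that flip when the 32-bit input steps by one."""
    total = sum(hamming(make_iv(v), make_iv(v + 1))
                for v in range(start, start + count))
    return total / count

def distinct_ivs(make_iv, values) -> int:
    """Count of different IVs produced for the given inputs."""
    return len({make_iv(v) for v in values})

# Constructed sample: 4096 consecutive 32-bit values from an arbitrary start.
START, COUNT = 0xC0A80000, 4096

if __name__ == "__main__":
    for name, fn in (("duplicate", iv_duplicate), ("md5-extract", iv_md5_extract)):
        mean = mean_adjacent_distance(fn, START, COUNT)
        uniq = distinct_ivs(fn, range(START, START + COUNT))
        print(f"{name:12s} mean bits changed = {mean:6.3f}  distinct IVs = {uniq}")
```

Either construction is a deterministic function of 32 bits, so neither can yield more than 2**32 distinct IVs; the difference the numbers show is only in how far apart the IVs of neighbouring inputs are.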

