Re: Size of IV field in DES-CBC mode

[Carl Muckenhirn <cfm@columbia.sparta.com>]

In message <9412192002.AA05356@skidrow.tay.dec.com>  you wrote:
> 
> 2**16 = 65K
> 2**32 = 4 gig
> 

I think that Jim is refering to the Birthday Paradox, so given an evenly
distributed population of 2**32, the probability that a match will be found
exceeds 50% with a sample of sqrt(2**32) = 2**16. If we assume randomly
distributed IVs, then the expected sample should go to 1/2*(2**32)=2**31. 
Furthermore if we are talking about CBC, a one-up counter works just as well
as a random value (the only property of interest is change, not magnitude of
change) and we can use all 32 bits. (Again this is for CBC, other modes have
other concerns.)

> If it would be a good thing to pad the IV to 8 bytes with the source
> address for multicast, why not always do that?  (And actually, since I
> think we should make some effort for commonality with IPv6, just say
> its the "bottom 4 bytes" of the source address.)
> 
> Donald

I think that's a wonderful idea (always padding with source address). Using
the bottom 4 bytes of an IPv6 address may also work, though there may be some
IV-space clashes since they are not guaranteed to be different per-host as
IPv4 addrs are. Alternatively use the Senders SAID (we might even be able to
reduce the amount of bit shuffling if we put the SAID directly before the IV
(with no intervening bits).

carl.

---

References:

• Re: Size of IV field in DES-CBC mode
• From: "Donald E. Eastlake 3rd (Beast)" <dee@skidrow.tay.dec.com>

---

• Prev by Date: End to End integrity (was 4 byte vs 8 byte IVs for DES)
• Next by Date: Re: Address as IV [was] Size of IV field in DES-CBC mode
• Prev by thread: Re: Size of IV field in DES-CBC mode
• Next by thread: Re: Size of IV field in DES-CBC mode
• Index(es):
  • Main
  • Thread