[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Summary - IV field in DES-CBC mode
> From ipsec-request@ans.net Mon Dec 19 15:04 PST 1994
> Options for shorter IV for IPSP DES-CBC modes of operation:
>
> ! 1) PAD with zeros ...
> ! 2) PAD with a fixed (non-zero) pattern
> !! 3) use the SAID also (to get to 8-bytes)
> 4) PAD with SAID determined bits (secret to outside observer)
> 5) expand (with MD5) to 8-bytes
> X 6) use part of IP address
> !! 7) duplicating the 32 bits in each half of the IV
>
> This leaves options 1, 2, 3 and 7.
>
> I am partial to option 3, using the SAID as part of the IV. Some DES
> implementations expect the IV to be "in front" of the encrypted data.
>
> Option 7 also seems quite simple...
I prefer option 7 (let's keep it simple).
Regards,
Ashar.