[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Summary - IV field in DES-CBC mode




> From ipsec-request@ans.net Mon Dec 19 15:04 PST 1994
> Options for shorter IV for IPSP DES-CBC modes of operation:
> 
> !   1) PAD with zeros ...
> !   2) PAD with a fixed (non-zero) pattern
> !!  3) use the SAID also (to get to 8-bytes)
>     4) PAD with SAID determined bits (secret to outside observer)
>     5) expand (with MD5) to 8-bytes
> X   6) use part of IP address
> !!  7) duplicating the 32 bits in each half of the IV
> 
> This leaves options 1, 2, 3 and 7.
> 
> I am partial to option 3, using the SAID as part of the IV.  Some DES 
> implementations expect the IV to be "in front" of the encrypted data.  
> 
> Option 7 also seems quite simple...

I prefer option 7 (let's keep it simple).

Regards,
Ashar.