
Re: Size of IV field in DES-CBC mode



>Well, if you are on a gigabit network, you would run through all
>possibilities for only 32 bits of IV very, very fast. Of course, DES
>is likely a foolish choice for encrypting any serious traffic, anyway,
>but for 3DES it makes sense to have a reasonable sized IV.

Seems to me that you'd be foolish to encrypt as many as 4,294,967,296
packets in any cipher without changing session keys. Especially given
a simple and cheap mechanism for rekeying without necessarily having
to go through another DH exchange. In Photuris you could simply place
a limit on the lifetime (in seconds and in packets) of a SAID. When
you reach this limit, you create a new security association (which
implies a new session key, since the SAID is an input to the hash
function) and destroy the old one.

Remember again that the only purpose of an IV is to ensure that
ciphertext never repeats even when the (beginning of) the plaintext
does.

Phil
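
The rekeying scheme described in the message above, as an added example that is not part of the original post and is not Photuris code. Assumptions: SHA-256 over the shared secret plus SAID stands in for the hash function, SAIDs are allocated from a counter, and all class and function names, limits and the secret are constructed for illustration.

```python
import hashlib
import time


class SecurityAssociation:
    """One SAID with its own session key and usage counters."""

    def __init__(self, shared_secret, said, now):
        self.said = said
        # Stand-in derivation (assumption): the SAID is an input to the hash,
        # so a new SAID gives a new session key without another DH exchange.
        self.key = hashlib.sha256(shared_secret + said.to_bytes(4, "big")).digest()
        self.created = now
        self.packets = 0


class Rekeyer:
    """Replaces the SA when its lifetime in packets or seconds is reached."""

    def __init__(self, shared_secret, max_packets, max_seconds, clock=time.monotonic):
        self.secret = shared_secret
        self.max_packets = max_packets
        self.max_seconds = max_seconds
        self.clock = clock
        self.next_said = 1
        self.sa = self._new_sa()

    def _new_sa(self):
        sa = SecurityAssociation(self.secret, self.next_said, self.clock())
        self.next_said += 1
        return sa

    def next_packet(self):
        """Return (said, key, iv) for the next outgoing packet."""
        now = self.clock()
        if (self.sa.packets >= self.max_packets
                or now - self.sa.created >= self.max_seconds):
            self.sa = self._new_sa()   # old SA and its key are dropped
        iv = self.sa.packets           # per-SA counter carried in the 32-bit IV field
        self.sa.packets += 1
        return self.sa.said, self.sa.key, iv


def demo():
    # Constructed inputs: placeholder secret, tiny packet limit so rollover is visible.
    r = Rekeyer(b"constructed-shared-secret", max_packets=4, max_seconds=3600)
    return [r.next_packet() for _ in range(10)]


if __name__ == "__main__":
    for said, key, iv in demo():
        print(said, key.hex()[:16], iv)
```

With a packet limit no larger than 2**32, the counter never wraps under one key, so no (key, IV) pair is ever used twice.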


