[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Size of IV field in DES-CBC mode

To: ipsec@ans.net
Subject: Re: Size of IV field in DES-CBC mode
From: "William Allen Simpson" <bill.simpson@um.cc.umich.edu>
Date: Tue, 20 Dec 94 15:23:04 GMT
Reply-To: bsimpson@morningstar.com

> From: colin@nyx10.cs.du.edu (Colin Plumb)
> That's why I suggested expanding a sequence number with a CRC-32: it's a cheap
> and well-understood bit-mixing function which is unlikely to occur in the
> header by accident.
>
> If you specify a source of bits to use to extend the IV, then the IV size can
> be easily varied by negotiation.
>
If you can specify a source of bits to use for the IV, then you don't
need an IV in the packets at all.

My suggestion would be to always use a 32-bit IV, and extend it to 64
with the inverse of the IV.  That way, you always get at least a 2-bit
change from a previous IV (counter), and it would very likely not match
changes in the following data (certainly not TCP or UDP).

Yes, a CRC-32 might be better, but I'd rather keep it simple.  I'm for
saving both bytes _and_ processing.

Bill.Simpson@um.cc.umich.edu

Prev by Date: Re[2]: Address as IV [was] Size of IV field in DES-CBC mode
Next by Date: Re: Re[2]: Address as IV [was] Size of IV field in DES-CBC mode
Prev by thread: Re: Size of IV field in DES-CBC mode
Next by thread: Few SwiPe questions
Index(es):
- Main
- Thread