[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Size of IV field in DES-CBC mode
Carl Muckenhim said:
I think that's a wonderful idea (always padding with source address).
Using the bottom 4 bytes of an IPv6 address may also work, though there
may be some IV-space clashes since they are not guaranteed to be
different per-host as IPv4 addrs are. Alternatively use the Senders SAID
(we might even be able to reduce the amount of bit shuffling if we put
the SAID directly before the IV (with no intervening bits).
In some hardware implementations, it is difficult to use IVs that are not
generated by the hardware. While many (maybe even most) implementation of IPSP
will use software, I would hate to prohibit hardware.
For this reason, I would rather use random IVs and carry the source address in a
protected header when data origin authentication requires an address.
Russ