[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-ipsec-<many>-00.txt




Perry:

> One legitimate question, of course, might be whether or not we'd be 
> better off with a DES MAC, on the premise that we could gain some
> performance that way since we are already DES walking the entire packet
> anyway...

I do not recall the source, but my recollection is that it is not a good idea to
use DES MAC and DES CBC with the same key.  If you use two different keys, ont 
fro DES MAC and one for DES CBC, then there are no security concerns.  Of couse,
this raises some performance concerns.

Russ


Follow-Ups: