[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
replay counter size
The latest HMAC AH draft (the one following Montreal) specifies a 64-bit
replay field. The latest Combined ESP draft uses only a 32-bit field.
Jim, was it your intention for these specs to diverge like this? I would
like to understand why these fields need to be different for AH and ESP. I
would rather see them be the same. I personally believe that 2^32 packets
is too much data to encrypt under one key anyway, so I think 32-bits is the
right number. But I'm more concerned that AH and ESP be equally protected.
I recall some discussion in Montreal about the performance of replay window
checks being dependent on the underlying hardware register size, which
supports our desire to make this implementation dependent. I do not recall
discussing changing the replay counter from 32 to 64 bits, though I confess
to being a bit late for the first working group meeting, due to not being
able to get into the room due to overcrowding.
Derrell
To: "Whelan, Bill" <bwhelan@nei.com>
Cc: ipsec@TIS.COM
Subject: Re: CBC vs. ECB
In-Reply-To: Your message of "Wed, 02 Oct 1996 17:05:26 EST."
<9609038443.AA844353349@netx.nei.com>
Reply-To: perry@piermont.com
X-Reposting-Policy: redistribute only with permission
Date: Thu, 03 Oct 1996 13:38:07 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk
Message-ID: <9610031354.aa13351@neptune.TIS.COM>
"Whelan, Bill" writes:
> So CBC is more secure than ECB! I've been accepting statements such
> as this as gospel for a while, but now I'm not so sure. Please excuse
> my ignorance, but...
ECB modes have a very bad property: repeated instances of the same
message encrypted under the same key form the same ciphertext. CBC
does not have this property. I would suggest reading a good book like
Schneier's Applied Cryptography (2nd Ed.) if you want to get a better
idea of the issues.
Perry