[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CBC vs. ECB

To: perry@piermont.com
Subject: Re: CBC vs. ECB
From: Matt Crawford <crawdad@fnal.gov>
Date: Fri, 04 Oct 1996 09:13:34 -0500
Cc: "Whelan, Bill" <bwhelan@nei.com>, ipsec@TIS.COM
In-Reply-To: "03 Oct 1996 13:38:07 EDT." <"9610031354.aa13351"@neptune.TIS.COM>
Sender: ipsec-approval@neptune.tis.com

> >      So CBC is more secure than ECB!  I've been accepting statements such 
> >      as this as gospel for a while, but now I'm not so sure.  Please excuse
> >      my ignorance, but...
> 
> ECB modes have a very bad property: repeated instances of the same
> message encrypted under the same key form the same ciphertext. CBC
> does not have this property.

But this is true whether or not you have an IV, and that's where this
thread started.  Yes, with no IV, a constant first block will always
come out the same if you begin again with the same key.  But if an SA
includes an IV, it would seem to me to be as easy to change the key
as to change the IV.
_________________________________________________________
Matt Crawford          crawdad@fnal.gov          Fermilab
  PGP: D5 27 83 7A 25 25 7D FB  09 3C BA 33 71 C4 DA 6A

Prev by Date: Re: replay window
Next by Date: Re: replay window
Prev by thread: Proposed changes to transform naming..
Next by thread: Re: Comments on ESP and AH IPSEC drafts.
Index(es):
- Main
- Thread