[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf_key comments

To: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Subject: Re: pf_key comments
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 03 Jan 1997 17:17:50 -0500
cc: Rodney Thayer <rodney@sabletech.com>, ipsec@tis.com
In-reply-to: Your message of "Fri, 03 Jan 1997 14:56:38 EST." <199701031956.OAA01250@thunk.orchard.medford.ma.us>
Reply-To: perry@piermont.com
Sender: owner-ipsec@ex.tis.com

Bill Sommerfeld writes:
> > I thought people were generating the IV once at the initialization of the
> > S-A but I realize that could be wrong.
> 
> my understanding is that, for best security, the IV should be
> different for each packet.

Absolutely. The whole point of an IV is to assure that identical data
doesn't encrypt identically. If you use the same IV each time, you've
already lost.

Perry

References:

Re: pf_key comments

From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

Prev by Date: Re: pf_key comments
Next by Date: Re: pf_key comments
Prev by thread: Re: pf_key comments
Next by thread: Re: pf_key comments
Index(es):
- Main
- Thread