[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pf_key comments
Bill Sommerfeld writes:
> > I thought people were generating the IV once at the initialization of the
> > S-A but I realize that could be wrong.
>
> my understanding is that, for best security, the IV should be
> different for each packet.
Absolutely. The whole point of an IV is to assure that identical data
doesn't encrypt identically. If you use the same IV each time, you've
already lost.
Perry
References: