
Re: pf_key comments



>> Does the IV have to be *unpredictably* different, or just different?
>
>The part of me which is a Paranoid Cryptographic Protocol Engineer
>would generate it with a CPRNG.
>
>The IV is sent in the clear.  I don't think it makes a difference how
>different it is, but I'm not a Real Cryptographer(tm).

My understanding of CBC was that the IV for each block was the output of
the last CBC block (except of course for the very first block).  I've just
been carrying the last block over from the previous packet, and making that
the next IV for the new packet.

Since this is exactly what's happening within each packet, I figured (read:
guessed) that it was just as secure to extend it to the next packet.
Obviously, I'm not a Real Cryptographer(tm) either :)
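
The two IV choices discussed in this thread, as an added example that is not part of the original message: carrying the last ciphertext block over as the next packet's IV makes the packets one continuous CBC stream, and also means the next IV is already on the wire before the next packet is built, whereas a CPRNG IV is not. The 8-byte Feistel cipher is a toy stand-in for the real block cipher, and every name and sample value below is constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 8  # toy block size in bytes (stand-in cipher, not a real one)

def _round(key, i, half):
    # Keyed round function for the toy Feistel network.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    """Toy 4-round Feistel permutation standing in for the packet cipher."""
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right

def cbc_encrypt(key, iv, plaintext):
    """CBC over whole blocks (caller pads); returns ciphertext without the IV."""
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV and plaintext must be block-aligned")
    prev, out = iv, b""
    for off in range(0, len(plaintext), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(plaintext[off:off + BLOCK], prev))
        prev = encrypt_block(key, mixed)
        out += prev
    return out

def send_chained(key, first_iv, packets):
    """IV of packet n+1 = last ciphertext block of packet n (scheme in the message)."""
    iv, wire = first_iv, []
    for p in packets:
        ct = cbc_encrypt(key, iv, p)
        wire.append((iv, ct))      # the IV travels in the clear with the packet
        iv = ct[-BLOCK:]
    return wire

def send_random(key, packets):
    """Fresh IV from the OS CSPRNG for every packet."""
    wire = []
    for p in packets:
        iv = os.urandom(BLOCK)
        wire.append((iv, cbc_encrypt(key, iv, p)))
    return wire

def observer_knows_next_iv(wire):
    """True if every IV equals the previous packet's last ciphertext block."""
    return all(wire[i + 1][0] == wire[i][1][-BLOCK:] for i in range(len(wire) - 1))

# Constructed sample data.
KEY, IV0 = b"constructed-demo-key", bytes(BLOCK)
PACKETS = [b"A" * 16, b"B" * 8, b"C" * 24]
```
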