
Re: pf_key comments



Hilarie Orman says:
>>> Does the IV have to be *unpredictably* different, or just different?
>>
>> Just different.
> 
> Phil Rogaway has pointed out that if the IV and the first data block are 
> both changing so as to cause their xor to be constant, the purpose of 
> the IV is defeated.  

Cute!

> I don't know if this has ever been observed in practice, but it
> is something to keep in mind (I suppose someone now will try to design
> this into a protocol as some kind of optimization!).
 
(:-)

Considering that IV has nothing to do with the data block, I'd
say the chance to see this in practice is nil.

Could anybody comment on this? Was/is there ever a case when IV
was somehow data-dependent?

Oh, and when you use the last ciphertext from the last message
as the IV for the next message,  due to ciphertext properties
of any semi-decent cipher this should be a no-issue. Correct?
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>
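Rogaway's point above, worked through as an added example that is not part of the original thread: CBC over a toy block cipher (a hypothetical, insecure stand-in for AES, constructed here with SHA-256 in a Feistel network) shows that when two distinct IVs are chosen so that IV xor P[0] comes out to the same constant, the first ciphertext blocks of the two messages are identical, whereas IVs that are independent of the data give distinct first blocks. The key and messages are constructed sample values.

```python
import hashlib

BLOCK = 16  # block size in bytes, as for AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key, block):
    """Toy 16-byte block cipher (hypothetical stand-in for AES): an 8-round
    Feistel network keyed with SHA-256. It is a permutation, so distinct
    inputs always give distinct outputs. It is NOT a secure cipher."""
    l, r = block[:8], block[8:]
    for i in range(8):
        f = hashlib.sha256(key + bytes([i]) + r).digest()[:8]
        l, r = r, xor(l, f)
    return l + r

def cbc_encrypt(key, iv, plaintext):
    """Plain CBC: C[i] = E(P[i] xor C[i-1]) with C[-1] = IV."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a whole number of blocks")
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(prev, plaintext[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)

def ivs_with_constant_xor(p1, p2, const):
    """Rogaway's case: two IVs that differ from each other but keep
    IV xor P[0] equal to the same constant for both messages."""
    return xor(const, p1[:BLOCK]), xor(const, p2[:BLOCK])

def first_blocks_collide(key, iv1, p1, iv2, p2):
    """Does an observer of both ciphertexts see identical first blocks?"""
    c1 = cbc_encrypt(key, iv1, p1)
    c2 = cbc_encrypt(key, iv2, p2)
    return c1[:BLOCK] == c2[:BLOCK]

# Constructed sample data: two messages whose first blocks differ.
KEY = b"constructed-key!"
P1 = b"A" * BLOCK + b"tail of message1"
P2 = b"B" * BLOCK + b"tail of message2"

def demo():
    bad_iv1, bad_iv2 = ivs_with_constant_xor(P1, P2, b"\x07" * BLOCK)
    good_iv1, good_iv2 = bytes(range(16)), bytes(range(16, 32))
    return {
        "ivs_differ": bad_iv1 != bad_iv2,
        "constant_xor_collides": first_blocks_collide(KEY, bad_iv1, P1, bad_iv2, P2),
        "independent_iv_collides": first_blocks_collide(KEY, good_iv1, P1, good_iv2, P2),
    }

if __name__ == "__main__":
    print(demo())
```

The collision in the first case happens regardless of how different the two IVs look, because the cipher only ever sees IV xor P[0]; it is that value, not the IV itself, that must not repeat.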