[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-simpson-esp-des3-x-01.txt

To: ipsec@tis.com
Subject: draft-simpson-esp-des3-x-01.txt
From: Matt Thomas <matt.thomas@altavista-software.com>
Date: Wed, 11 Jun 1997 16:48:17 -0400
In-Reply-To: <5941.wsimpson@greendragon.com>
Sender: owner-ipsec@ex.tis.com

In section 1.3, Initialization Vector.

The IV is defined for SAs with negotiated keys as based on the
SPI and replay counter:

   When dynamically configured via a key management protocol, the 64-bit
   IV is generated from the 32-bit SPI field followed by (concatenated
   with) the 32-bit Sequence Number field.  The bit-wise complement of
   the 32-bit Sequence Number value is XOR'd with the first 32-bits
   (SPI).

My question is why?  I read the security notes but I still can't figure
out the above is specified.  Both the RC5 and CAST ESP drafts use a
pseudo-random IV which is discarded.  That's makes much more sense to me.
By defining the 3DES IV as above, doesn't this give an attacker a really
good source of plaintext to try to crack the keys?

Am I missing something fundamental here?
-- 
Matt Thomas                    Internet:   matt.thomas@altavista-software.com
Internet Locksmith             WWW URL:    <coming eventually>
AltaVista Internet Software    Disclaimer: This message reflects my own
Littleton, MA                              warped views, etc.

Prev by Date: users and connections a futile waste of time
Next by Date: users and connections definitions
Prev by thread: CFP: 1998 Symposium on Network and Distributed System Security
Next by thread: users and connections definitions
Index(es):
- Main
- Thread