In section 1.3, Initialization Vector.

The IV is defined for SAs with negotiated keys as based on the
SPI and replay counter:

   When dynamically configured via a key management protocol, the 64-bit
   IV is generated from the 32-bit SPI field followed by (concatenated
   with) the 32-bit Sequence Number field.  The bit-wise complement of
   the 32-bit Sequence Number value is XOR'd with the first 32-bits

My question is why?  I read the security notes but I still can't figure
out why the above is specified.  Both the RC5 and CAST ESP drafts use a
pseudo-random IV which is discarded.  That makes much more sense to me.
By defining the 3DES IV as above, doesn't this give an attacker a really
good source of plaintext to try to crack the keys?

Am I missing something fundamental here?
Matt Thomas                    Internet:   matt.thomas@altavista-software.com
Internet Locksmith             WWW URL:    <coming eventually>
AltaVista Internet Software    Disclaimer: This message reflects my own
Littleton, MA                              warped views, etc.