[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
In section 1.3, Initialization Vector.
The IV is defined for SAs with negotiated keys as based on the
SPI and replay counter:
When dynamically configured via a key management protocol, the 64-bit
IV is generated from the 32-bit SPI field followed by (concatenated
with) the 32-bit Sequence Number field. The bit-wise complement of
the 32-bit Sequence Number value is XOR'd with the first 32-bits
My question is why? I read the security notes but I still can't figure
out the above is specified. Both the RC5 and CAST ESP drafts use a
pseudo-random IV which is discarded. That's makes much more sense to me.
By defining the 3DES IV as above, doesn't this give an attacker a really
good source of plaintext to try to crack the keys?
Am I missing something fundamental here?
Matt Thomas Internet: email@example.com
Internet Locksmith WWW URL: <coming eventually>
AltaVista Internet Software Disclaimer: This message reflects my own
Littleton, MA warped views, etc.