
Re: calculating IVs



> From: Matt Thomas <matt.thomas@altavista-software.com>
> If all the "shim" ESP drafts had agreed on a single common IV, I
> wouldn't have asked.  But there was a difference and (as an implementor)
> I wanted to know why (I'd rather have one common method for all the
> ciphers, if possible).
>
Won't happen.  For one thing, you are currently looking at too narrow a
scope.  Not all ciphers use CBC, or an IV, or the same kind of
initialization.  So, we cannot have "one size fits all".

And the amount of code we are talking about is minuscule:

	switch(sp->emode){	/* Set up IV according to mode */
	case DES_CBC0:
	case DES3_CBC0:		/* IV of all zeros */
		memset(iv,0,sizeof(iv));
		break;
	case DES_CBC32:
	case DES3_CBC32:	/* 32-bit IV repeated inverted */
		pullup(bpp,iv,4);
		ip->length -= 4;
		memcpy(iv+4,iv,4);
		memxor(iv+4,One_bits,4);
		break;
	case DES_CBC64:
	case DES3_CBC64:	/* Full 64-bit IV */
		pullup(bpp,iv,8);
		ip->length -= 8;
		break;
	default:
		free_p(bpp);
		return -1;	/* Unknown encryption mode */
	}


> >I would be willing to change.  Ask the vendors that implemented RFC-1851
> >if they would be willing to change....
>
> Since we seem to be doing our best to be incompatible with RFC 1851,
> why do we care?

Who is?!?!

I'm trying my best to be compatible with what is SHIPPING.  Unless there
is a seriously _quantitative_ reason for changing, I'm against changing.

New transforms are something else.  Let's debate each on its own merits.


> As much as I hate suggesting this, make it negotiable
> (with the default being the same as the current behavior).  If it is
> really more secure (or better), those that can do it will.
>
What is currently written, for RFC-1829 and RFC-1851:

 1) Manual configuration, leave same, selecting CBC32 (above).

 2) DOI negotiation, specify change to newer version, as needed.

                                ----

So, here's my challenge to those who want change:

 A) Show how much memory/bandwidth/CPU is saved or spent.

 B) Show the quantitative improvement in cryptographic strength.

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
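A self-contained version of the IV setup in the message above, added here as an example and not taken from the author's implementation: it carries the same three cases (all-zero IV, 32-bit IV repeated inverted, full 64-bit IV) but works on a plain byte buffer instead of the pullup()/free_p() buffer chain, and refuses a packet too short to hold the IV rather than reading past it. The enum values, the function name esp_derive_iv and the sample payload are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Mode names mirror the switch in the message; the numeric values are assumed. */
enum esp_mode { DES_CBC0, DES3_CBC0, DES_CBC32, DES3_CBC32, DES_CBC64, DES3_CBC64 };

#define IV_LEN 8

/* Build the 8-byte CBC IV from the front of an ESP payload.
   Returns the number of payload bytes consumed by the IV (0, 4 or 8),
   or -1 for an unknown mode or a payload too short to carry the IV. */
int esp_derive_iv(enum esp_mode mode, const uint8_t *payload, size_t len,
                  uint8_t iv[IV_LEN])
{
    size_t need;

    switch (mode) {
    case DES_CBC0:
    case DES3_CBC0:          /* IV of all zeros: nothing taken from the packet */
        memset(iv, 0, IV_LEN);
        return 0;
    case DES_CBC32:
    case DES3_CBC32:         /* 32-bit IV from the packet, then its bitwise complement */
        need = 4;
        break;
    case DES_CBC64:
    case DES3_CBC64:         /* full 64-bit IV carried explicitly in the packet */
        need = 8;
        break;
    default:
        return -1;           /* unknown encryption mode */
    }
    if (len < need)
        return -1;           /* truncated packet: reject instead of reading past the buffer */

    memcpy(iv, payload, need);
    if (need == 4) {
        for (size_t i = 0; i < 4; i++)
            iv[4 + i] = (uint8_t)~iv[i];   /* the "repeated inverted" second half */
    }
    return (int)need;
}

/* Constructed sample: the leading bytes of an ESP payload (after the SPI). */
static const uint8_t sample_payload[] = {
    0x01, 0x02, 0x03, 0x04, 0xa5, 0x5a, 0xff, 0x00, 0x10
};
```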

