Re: Derived versus Explicit IV
On Wed, 23 Jul 1997, Theodore Y. Ts'o wrote:
> References: <6314.wsimpson@greendragon.com>
> From: "C. Harald Koch" <chk@utcc.utoronto.ca>
>
> The draft ESP spec, combined with the ciph-des-derived spec, is compatible
> with the 32-bit-IV option in RFC 1827+1829, which in turn is the most
> commonly implemented transform.
>
> This is not strictly true. It's true *only* if the authenticator is not
> present (which opens you to the active attacks pointed out by Steve
> Bellovin), and if you assume the RFC-1829 implementation uses a counter
> initialized to zero for the 32-bit IV. Given that support for the
> authenticator is required, an old RFC-1829 implementation won't be
> compliant anyway.
Authentication can be provided by a separate AH header. For interoperability,
it doesn't matter how the 32-bit IV is generated. RFC-1829 implementations
won't be compliant, but at least they will be compatible.
> In my judgement, this limited interoperability isn't particularly
> useful, all things considered. If you're going to be implementing
> something which is compatible with the old RFC1827-1829, you can simply
> use those old RFCs; they're not going away.
Don't forget there is an RFC-1829 installed base out there.
> If you're going to be supporting the new key management stuff, it's not
> that hard to support the new cipher algorithms, and there are very good
> security reasons for doing so.
>
> Finally, if you need to support both the old manual keying way of doing
> things and the new key-management way of doing things, the extra code to
> support a new cipher algorithm is minimal; the size of your DES, MD5,
> SHA, et al. implementation will completely dwarf the extra code you
> need to support the new way of handling the sequence number and IV
> (which is, after all, simply byte juggling).
Why add unnecessary complexity?
Norm
Norman Shulman Secure Computing Canada
Systems Developer Tel 1 416 813 2075
norm@tor.securecomputing.com Fax 1 416 813 2001