[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FW: Calling the question: implicit vs. explicit IV
>I vote for Explicit IV.
>
>The reasons?
>
>o I want one method for retrieving the IV from a packet no matter what
>algorithm I'm using. Without a general method for CBC-mode block ciphers,
>code complexity will bring in bugs.
>
>o The compatibility that derived IVs is suppose to give us, is BS. The
>32-bit IV was a hack that should have been forgotten a long time ago.
>Becides the current derived IV does not give us full compatibility.
>
>o Speed: We need speed down at the network interceptor level. Deriving an
>IV takes a lot more time than just picking it up directly from the packet.
>
>o Space: An extra 8 bytes is nothing compared to the extra bytes that
>ESP+auth adds in.
>
>o Flexibility: When (If) I do a RC5 implementation with 128 bit blocks, I
>will need a 128 bit IV. I don't want to derive 16 bytes of IV.
>
o Current Implementations: All of the current implementations that we
>tested with at all of the ANX bakeoffs used EXPLICIT IVs.