
Re: Java crypto Cipher-Block-Chaining isn't chaining



On  4 May 99 at 1:05, Theodore Y. Ts'o wrote:
> RFC 2405 does require that the IV be a new random value for each packet,
> however, so an implementation which used the same IV for each packet
> would not comply with RFC 2405.  (Nor would it be a good idea from a
> cryptographic point of view.)
> 
> That being said, the original question was about the Java JCE, and it's
> not clear to me that the Java JCE was designed to be an IPSEC
> implementation.  The JCE is just a crypto toolkit, is it not?

JCE = Java Cryptography Extension.

Java is probably not suited for doing complete IPSEC, but is very well 
suited to do IKE, which is part of IPSEC.

RFC 2409 defines IKE (partially), and it has the requirement that 
subsequent messages be encrypted with IV = last CBC block.

In the meantime I figured it out, and the questions have been 
answered.

That does not alter the correctness of my initial observations; only 
they were intentional, and the Java CBC implementation seems to be 
correct.

Robert
--
Robert Luursema          R.Luursema@incaa.nl         Incaa Datacom b.v.
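
An added example, not part of the original message: a JCE Cipher returns to its init() state after doFinal(), so applying the "IV = last CBC block" rule mentioned above for IKE takes an explicit re-init per message. The AES transformation, the class and helper names, and the sample message are assumptions made for this demo.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class CbcIvChaining {
    static final String XFORM = "AES/CBC/PKCS5Padding"; // assumption: cipher chosen for the demo
    static final int BLOCK = 16;                        // AES block size in bytes

    // Encrypt one message under an explicit IV, with a fresh init() per message.
    static byte[] encrypt(SecretKey key, byte[] iv, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance(XFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(msg);
    }

    // IV for the next message: the last ciphertext block of the previous one.
    static byte[] lastBlock(byte[] ct) {
        return Arrays.copyOfRange(ct, ct.length - BLOCK, ct.length);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // One Cipher object, two doFinal() calls and no re-init: the second call
        // starts again from the init() IV, so nothing chains between messages.
        Cipher c = Cipher.getInstance(XFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] a1 = c.doFinal(msg);
        byte[] a2 = c.doFinal(msg);
        System.out.println("no re-init, ciphertexts equal: " + Arrays.equals(a1, a2));

        // Chaining across messages: re-init with the previous message's last block.
        byte[] b1 = encrypt(key, iv, msg);
        byte[] b2 = encrypt(key, lastBlock(b1), msg);
        System.out.println("IV = last CBC block, equal:    " + Arrays.equals(b1, b2));

        // The receiver must track the same running IV to decrypt message two.
        Cipher d = Cipher.getInstance(XFORM);
        d.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(lastBlock(b1)));
        System.out.println("second message decrypts:       " + Arrays.equals(msg, d.doFinal(b2)));
    }
}
```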

