
Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?



In message <000b01bf7f84$6873e6a0$2dcd09c0@nig95>, "rupesh" writes:
> I have read nearly all the RFCs of IPsec; everywhere they talk about CBC mode
> implementation only. Why should IPsec not be used in other modes like CFB or
> OFB?
> Can anyone please give me an answer to the above question or forward me a link?
> Thanks & Regards
> Rupesh

In principle, there's no reason why other modes can't be used.  However, any
other mode would need its own security analysis.  OFB, for example, is very
dangerous if the key stream ever repeats (which in turn would happen if the
same IV were ever used twice during the lifetime of a given key).

Also note that CFB-64 and OFB-64 still require that the plaintext be a 
multiple of 8 bytes, and that any other mode -- say, CFB-8 or OFB-8 -- would 
require a considerable increase in processing time.

		--Steve Bellovin
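
The two points in the reply above, as an added example that is not part of the original message: OFB with a repeated IV under one key lets the key stream cancel out of two ciphertexts, and OFB-8 costs eight times the block operations of OFB-64. The block function is a stand-in (HMAC-SHA256 truncated to 8 bytes, an assumption made so the sketch runs with the standard library only), and `IvGuard`, `calls_for` and the sample key and packets are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit block, matching the CFB-64 / OFB-64 naming in the message

class Counter:
    calls = 0  # number of block operations performed

def block_fn(key, block):
    # Assumption: stand-in for the cipher's encrypt direction, which is the
    # only direction OFB uses. Not a real block cipher.
    Counter.calls += 1
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ofb(key, iv, data, seg=BLOCK):
    """OFB with seg-byte feedback: seg=8 is OFB-64, seg=1 is OFB-8."""
    if len(data) % seg:
        raise ValueError("data must be a whole number of seg-byte units")
    reg, out = iv, bytearray()
    for i in range(0, len(data), seg):
        o = block_fn(key, reg)            # one block operation per unit
        out += xor(data[i:i + seg], o)    # only the first seg bytes are used
        reg = reg[seg:] + o[:seg]         # shift the fed-back bytes in
    return bytes(out)

def calls_for(seg, nbytes):
    """Block operations needed to process nbytes with seg-byte feedback."""
    Counter.calls = 0
    ofb(b"k" * 16, b"\x00" * BLOCK, b"\x00" * nbytes, seg)
    return Counter.calls

class IvGuard:
    """Sender-side check: refuse an IV already used under the current key."""
    def __init__(self):
        self.seen = set()
    def check(self, iv):
        if iv in self.seen:
            raise ValueError("IV reuse under the same key")
        self.seen.add(iv)

if __name__ == "__main__":
    key, iv = b"constructed-key!", b"\x01" * BLOCK      # constructed values
    p1, p2 = b"packet one: 16 b", b"packet two: 16 b"   # constructed packets
    c1, c2 = ofb(key, iv, p1), ofb(key, iv, p2)
    print(xor(c1, c2) == xor(p1, p2))           # key stream cancelled out
    print(calls_for(8, 64), calls_for(1, 64))   # block operations per 64 bytes
```
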