[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?

To: rupesh <rupesh.jain@cdac.ernet.in>
Subject: Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?
From: "Shawn Mamros" <smamros@nortelnetworks.com>
Date: Mon, 28 Feb 2000 11:24:22 -0500
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

>I had read nearly all RFC'c of Ipsec , everywhere it talks about CBC mode
>implementation only. why Ipsec should not be used in other modes like CFB or
>OFB ?

CFB and OFB would require one iteration of the block cipher for
every octet, vs. one iteration per block for CBC.  For an
eight octet per block cipher, it would take eight times longer
to encrypt the packet, with little or no appreciable benefit
security-wise over CBC, as far as I know.  And the larger the
block size (AES will use 16 octet blocks), the worse the
performance will compare to CBC.

-Shawn Mamros
E-mail to: smamros@nortelnetworks.com

Prev by Date: Use of Encryption in Heartbeat Packets
Next by Date: Re: Use of Encryption in Heartbeat Packets
Prev by thread: RE: Use of Encryption in Heartbeat Packets
Index(es):
- Main
- Thread