
RE: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?



> In message <000b01bf7f84$6873e6a0$2dcd09c0@nig95>, "rupesh" writes:
> > I had read nearly all RFCs of Ipsec, everywhere it talks about CBC mode
> > implementation only. Why Ipsec should not be used in other modes like
> > CFB or OFB?
> > Please anyone can give me answer to above question or forward me a
> > link.....
> > Thanks & Regards
> > Rupesh
> 
> In principle, there's no reason why other modes can't be used.  However,
> any other mode would need its own security analysis.  OFB, for example,
> is very dangerous if the key stream ever repeats (which in turn would
> happen if the same IV were ever used twice during the lifetime of a
> given key).
> 
> Also note that CFB-64 and OFB-64 still require that the plaintext be a
> multiple of 8 bytes, and that any other mode -- say, CFB-8 or OFB-8 --
> would require a considerable increase in processing time.
> 
> 		--Steve Bellovin

CFB-8 is very time consuming and it also doesn't really help with the packet
extension problem.  Even though it doesn't require padding, the rest of IPSEC
does and extends the datagram with other fields.  IME, once you extend the
datagram in any way then you incur most of the problems with MTU etc. anyway.

OFB-64 doesn't require the plaintext to be a multiple of 8 bytes - it's just
xoring the cipher stream with the plaintext and any 'extra' bytes can be
discarded before transmission.  A unique IV isn't a problem if it's
generated deterministically from the packet counter, though it's probably
inherently less safe than CBC.  There are some slight advantages to OFB mode -
no xor in the feedback path - but nothing significant over CBC, and
outweighed by other concerns.

Chris
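The points argued above, as an added worked example that is not part of the original thread or of any IPsec implementation: CBC needs the payload padded out to whole blocks, OFB is a keystream xor that takes any length, two packets encrypted under the same key and IV leak the xor of their plaintexts, and a per-key packet counter gives distinct IVs deterministically. It uses Go's standard crypto/des and crypto/cipher; the key, IV and packet payloads are constructed for the demo, DES is chosen only to match the 64-bit block modes the thread discusses (it is broken and is not a recommendation), and the padding routine follows the ESP trailer layout (pad bytes 1, 2, 3, ..., then Pad Length and Next Header) to show the "other fields" that extend the datagram regardless of mode.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"fmt"
)

// Constructed demo key and IV, not taken from the thread. DES only because
// the thread talks about 64-bit blocks; never use it for real traffic.
var demoKey = []byte("8bytekey")
var demoIV = []byte("initvec!")

func newDES(key []byte) cipher.Block {
	blk, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return blk
}

// espPad appends the ESP-style trailer: pad bytes 1, 2, 3, ..., then a
// Pad Length byte and a Next Header byte, so the total is a multiple of
// blockSize. Even a mode that needs no padding still carries these fields.
func espPad(plain []byte, nextHeader byte, blockSize int) []byte {
	padLen := (blockSize - (len(plain)+2)%blockSize) % blockSize
	out := make([]byte, 0, len(plain)+padLen+2)
	out = append(out, plain...)
	for i := 1; i <= padLen; i++ {
		out = append(out, byte(i))
	}
	return append(out, byte(padLen), nextHeader)
}

// cbcEncrypt requires a whole number of blocks; Go's CryptBlocks panics on
// anything else, which is exactly why CBC needs the padding above.
func cbcEncrypt(key, iv, padded []byte) []byte {
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(newDES(key), iv).CryptBlocks(out, padded)
	return out
}

// ofbCrypt xors data with the OFB keystream: any length, output as long as
// the input, and the same call decrypts.
func ofbCrypt(key, iv, data []byte) []byte {
	out := make([]byte, len(data))
	cipher.NewOFB(newDES(key), iv).XORKeyStream(out, data)
	return out
}

// xorBytes returns a xor b over the shorter of the two lengths.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// ivReuseLeak is the OFB failure mode Bellovin warns about: two packets
// under the same key and IV share a keystream, so c1 xor c2 equals
// p1 xor p2 and the key is never needed.
func ivReuseLeak(c1, c2 []byte) []byte {
	return xorBytes(c1, c2)
}

// counterIV derives a distinct IV from a per-key packet counter, the
// deterministic scheme Chris mentions; the counter must never repeat or
// wrap within the lifetime of one key.
func counterIV(counter uint64) []byte {
	iv := make([]byte, des.BlockSize)
	binary.BigEndian.PutUint64(iv, counter)
	return iv
}

func main() {
	p1 := []byte("13 byte pkt 1") // constructed sample payloads
	p2 := []byte("13 byte pkt 2")

	padded := espPad(p1, 17, des.BlockSize) // 17 = UDP as Next Header
	fmt.Printf("CBC: %d plaintext bytes -> %d padded -> %d ciphertext\n",
		len(p1), len(padded), len(cbcEncrypt(demoKey, demoIV, padded)))

	c1 := ofbCrypt(demoKey, demoIV, p1)
	c2 := ofbCrypt(demoKey, demoIV, p2)
	fmt.Printf("OFB: %d plaintext bytes -> %d ciphertext bytes, no padding\n", len(p1), len(c1))
	fmt.Printf("Same IV twice: c1^c2 == p1^p2? %v\n",
		bytes.Equal(ivReuseLeak(c1, c2), xorBytes(p1, p2)))

	c3 := ofbCrypt(demoKey, counterIV(2), p2)
	fmt.Printf("Counter IV: c1^c3 == p1^p2? %v\n",
		bytes.Equal(xorBytes(c1, c3), xorBytes(p1, p2)))
}
```

Note that the 13-byte payload grows to 16 bytes before CBC sees it, while OFB emits exactly 13 bytes; the ESP trailer (pad length and next header) is added either way, which is the datagram-extension point made above.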