RE: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?
>>>>> "Chris" == Chris Trobridge <CTrobridge@baltimore.com> writes:

Chris> The main issue with counter mode is the requirement to avoid
Chris> using the same values twice. This might not sound like much
Chris> but it's the sort of thing that gives evaluators nightmares.

That's a fair issue, but I can't see it being a fatal problem. The
same requirement already exists for sequence numbers. As has been
mentioned already (a few weeks ago, I think, perhaps in a different
venue) you could concatenate the ESP sequence number with the block in
packet number to make the counter number.

Chris> I can't claim to be a crypto-scholar, but looking over the
Chris> publication you reference (A Concrete Security Treatment Of
Chris> Symmetric Encryption: Analysis Of DES modes Of Operation), I'm
Chris> not convinced that the attacks they mention are particularly
Chris> viable, at least not in IPSEC case. The attack analysed is
Chris> chosen plaintext which wouldn't generally be possible.

I'd be hesitant to assume that chosen plaintext is that hard; in any
event, it is one of the current standard tests for the security of a
cipher. (If a cipher is secure against known plaintext but not
against chosen text attack, that is no longer considered acceptable.)

paul
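
The counter construction suggested in the reply above (ESP sequence number concatenated with the block-in-packet number), as an added example that is not part of the original message. The 8 + 8 byte counter layout, the `Sender` helper and the truncated HMAC-SHA256 stand-in for a block cipher are assumptions, chosen so the sketch runs with only the Python standard library.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # keystream block size in bytes

def counter_block(seq, block_index):
    """ESP sequence number || block-in-packet number (8 + 8 bytes, assumed layout)."""
    if not 0 < seq < 2**32:
        raise ValueError("sequence number out of range: rekey before it wraps")
    return struct.pack(">QQ", seq, block_index)

def keystream_block(key, ctr):
    # Stand-in PRF (truncated HMAC-SHA256), NOT a real block cipher such as AES;
    # used so the example needs only the standard library.
    return hmac.new(key, ctr, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_xor(key, seq, data):
    """Encrypt or decrypt one packet payload; both are the same XOR in counter mode."""
    out = b""
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, counter_block(seq, i // BLOCK))
        out += xor(data[i:i + BLOCK], ks)
    return out

class Sender:
    """Hypothetical helper: owns the sequence number so no counter is issued twice."""
    def __init__(self, key):
        self.key, self.seq = key, 0
    def seal(self, payload):
        self.seq += 1  # monotonic; counter_block() refuses wrap-around
        return self.seq, ctr_xor(self.key, self.seq, payload)

# Constructed sample values
KEY = bytes(range(32))
P1 = b"first constructed payload, 40 bytes long"
P2 = b"second constructed payload, same length!"

def demo():
    s = Sender(KEY)
    (n1, c1), (n2, c2) = s.seal(P1), s.seal(P2)
    no_leak = xor(c1, c2) != xor(P1, P2)   # distinct counters: keystreams differ
    reused = ctr_xor(KEY, n1, P2)          # fault case: sequence number n1 used again
    leak = xor(c1, reused) == xor(P1, P2)  # same keystream cancels, P1 XOR P2 exposed
    return n1, n2, no_leak, leak
```

The range check in `counter_block` is the point an evaluator would look at: uniqueness holds only while the sequence number never repeats under one key, so the SA has to be rekeyed before the 32-bit value wraps.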