
RE: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?




>Chris> The main issue with counter mode is the requirement to avoid
>  Chris> using the same values twice.  This might not sound like much
>  Chris> but it's the sort of thing that gives evaluators nightmares.
>
>That's a fair issue, but I can't see it being a fatal problem.  The
>same requirement already exists for sequence numbers.  As has been
>mentioned already (a few weeks ago, I think, perhaps in a different
>venue) you could concatenate the ESP sequence number with the block in
>packet number to make the counter number.

It's dangerous for a crypto system to accept a value from "outside" 
as a basis for generating key stream, especially for a mode such as 
this.  So, if software in my IPSec system maintained the ESP sequence 
number and handed the formatted packet into the crypto, which then
made use of that externally provided value for counter mode control, 
I'd question the assurance of the resulting encryption system. 
That's one of the reasons why we have discouraged implicit IVs for 
CBC modes.

Steve
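
An added illustration, not part of the original message or of any IPsec implementation: it contrasts a crypto module that takes the counter basis from its caller with one that keeps the sequence number inside its own boundary, using the ESP-sequence-number-plus-block-index counter described in the quoted text. The class names, the 32+32-bit counter layout and the use of HMAC-SHA256 as a stand-in for the block cipher are assumptions made for the example.

```python
import hashlib
import hmac
import struct

BLOCK = 32  # keystream bytes per counter value (SHA-256 output size)

def ctr_xor(key, seq, data):
    """Counter-mode XOR; encrypts or decrypts `data` under (key, seq)."""
    out = bytearray()
    for blk in range((len(data) + BLOCK - 1) // BLOCK):
        # Assumed layout: 32-bit ESP sequence number || 32-bit block-in-packet index.
        counter = struct.pack(">II", seq, blk)
        # HMAC-SHA256 stands in for the block cipher E_k(counter).
        ks = hmac.new(key, counter, hashlib.sha256).digest()
        chunk = data[blk * BLOCK:(blk + 1) * BLOCK]
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class TrustingCrypto:
    """Hypothetical module that takes the counter basis from its caller."""
    def __init__(self, key):
        self.key = key
    def encrypt(self, seq, plaintext):
        return ctr_xor(self.key, seq, plaintext)

class OwningCrypto:
    """Hypothetical module that keeps the sequence number inside its boundary."""
    def __init__(self, key):
        self.key, self.next_seq = key, 1
    def encrypt(self, plaintext):
        if self.next_seq > 0xFFFFFFFF:
            raise OverflowError("sequence space exhausted; rekey before sending")
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        return seq, ctr_xor(self.key, seq, plaintext)

def demo():
    key = b"constructed-demo-key-32-bytes!!!"  # constructed sample key
    p1, p2 = b"constructed payload one", b"constructed payload two"
    trusting = TrustingCrypto(key)
    # A caller bug hands in sequence number 7 twice: same keystream, so
    # c1 XOR c2 equals p1 XOR p2 without any knowledge of the key.
    c1, c2 = trusting.encrypt(7, p1), trusting.encrypt(7, p2)
    owning = OwningCrypto(key)
    (s1, d1), (s2, d2) = owning.encrypt(p1), owning.encrypt(p2)
    return xor(c1, c2) == xor(p1, p2), (s1, s2), xor(d1, d2) == xor(p1, p2)
```
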


