
RE: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?



>>>>> "Helger" == Helger Lipmaa <helger@cyber.ee> writes:

 Helger> The problem with sequence number concatenated with packet
 Helger> number used as counters is that some counter space would be
 Helger> lost: e.g. if sequence numbers are 32-bit numbers and packets
 Helger> are not longer than 2^16 blocks (where a block could be 8, 16
 Helger> or 32 bytes) in length, there would be no more than 2^48
 Helger> different counters. Of course, that is still better than the
 Helger> security of 2^32 offered by the CBC mode. And in this case
 Helger> more than 2^48 encrypted blocks should not be sent anyways
 Helger> (otherwise ESP counter would zero again).

Any deterministic way of maintaining the counter would have that
property for any SA with replay protection, since you're not allowed
to send more than 2^32 packets before rekeying and no IP packet is
more than 2^16 bytes long.  But while that's a *property* of the
system, it doesn't strike me as a *problem*.  If you had a counter
construction rule that limited you to fewer distinct counter values
than you might want to use naturally, that would be different -- but
that isn't the case here.

	paul
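The counter construction discussed in this message (32-bit sequence number concatenated with a 16-bit per-packet block index), as an added example that is not part of the original post or of any IPsec implementation. The 16-byte block size, the starting sequence number of 1, and the names `counter_block`, `OutboundSA` and `RekeyRequired` are assumptions made for illustration.

```python
SEQ_BITS = 32      # sequence number width, as in the thread
IDX_BITS = 16      # block index width (packets of at most 2^16 blocks)
BLOCK_BYTES = 16   # assumed block size; the thread allows 8, 16 or 32


class RekeyRequired(Exception):
    """All sequence numbers of this SA are used; a new key is needed."""


def counter_block(seq, idx, block_bytes=BLOCK_BYTES):
    """Return seq || idx, left-padded with zero bytes to one cipher block."""
    if not 0 <= seq < 1 << SEQ_BITS:
        raise ValueError("sequence number out of range")
    if not 0 <= idx < 1 << IDX_BITS:
        raise ValueError("block index out of range")
    # Fixed-width fields make (seq, idx) -> counter injective.
    return ((seq << IDX_BITS) | idx).to_bytes(block_bytes, "big")


class OutboundSA:
    """Hypothetical sender state that never hands out a counter twice."""

    def __init__(self, first_seq=1):
        self.next_seq = first_seq

    def counters_for_packet(self, payload_len):
        """Return one counter block per cipher block of the payload."""
        # Refuse to wrap the sequence number: wrapping would repeat
        # counters under the same key.
        if self.next_seq >= 1 << SEQ_BITS:
            raise RekeyRequired("sequence number space exhausted")
        nblocks = -(-payload_len // BLOCK_BYTES)  # ceiling division
        if nblocks > 1 << IDX_BITS:
            raise ValueError("packet longer than 2^16 blocks")
        seq = self.next_seq
        self.next_seq += 1
        return [counter_block(seq, i) for i in range(nblocks)]


def counter_space():
    """Upper bound on distinct counters the construction can produce."""
    return 1 << (SEQ_BITS + IDX_BITS)
```
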

