
Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?



Helger Lipmaa writes:
> (compare invertible block ciphers - DES, IDEA, Rijndael - with
> non-invertible MACs - UMAC).

Apples and oranges. Data encryption needs a large amount of
unpredictable output. MACs produce only a small amount of output.

Note also that the UMAC advertisements are (1) at a trivially breakable
security level and (2) for absurdly long packets. At a serious security
level, for common packet sizes, UMAC simply uses HMAC-MD5. The MAC
described in http://cr.yp.to/papers/hash127.ps is simpler and faster.

Anyway, I agree that cipher invertibility is unnecessary for encryption,
and is a distraction from the crucial property of unpredictability.

---Dan
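Added example, not part of Dan's post or anything he published: the modes named in the subject line implemented over a deliberately non-invertible keyed block function (HMAC-SHA256 truncated to 16 bytes, standing in for any PRF; the function and parameter names are my own). OFB and CFB round-trip using only the forward direction of the function, the same function run in CBC produces output that cannot be decrypted, and the last function shows the IV-reuse caveat every keystream mode inherits.

```python
import hashlib
import hmac

BLOCK = 16

def prf(key: bytes, block: bytes) -> bytes:
    """Keyed one-way block function (HMAC-SHA256 truncated to 16 bytes).
    It is a PRF, not a permutation: there is no inverse to call."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    """OFB: s_i = F_k(s_{i-1}), s_0 = iv; decrypt == encrypt, forward F_k only."""
    out, s = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        s = prf(key, s)
        out += _xor(data[i:i + BLOCK], s)
    return bytes(out)

def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB: c_i = p_i XOR F_k(c_{i-1}), c_0 = iv; again forward F_k only."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        prev = _xor(plaintext[i:i + BLOCK], prf(key, prev))
        out += prev
    return bytes(out)

def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        out += _xor(chunk, prf(key, prev))
        prev = chunk
    return bytes(out)

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: c_i = F_k(p_i XOR c_{i-1}). Encrypting works with a PRF, but
    decrypting needs F_k^-1, so with this prf the output is unrecoverable."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        prev = prf(key, _xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return bytes(out)

def iv_reuse_leak(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Caveat for every keystream mode: reusing (key, iv) gives
    c1 XOR c2 == p1 XOR p2, so unpredictability needs a fresh IV per message."""
    return _xor(ofb(key, iv, p1), ofb(key, iv, p2))
```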
