
Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB?



David,

thanks for your comments, more inline:

"David A. Wagner" wrote:
> 
> In article <38C437F4.3C7A71EF@cisco.com>,
> David A. McGrew <mcgrew@cisco.com> wrote:
> > there are some attacks to which stream ciphers, and ECB, OFB, and
> > counter modes are more vulnerable than CBC mode.  Biham's key collision
> > attack and Hellman's time-memory tradeoff attack [...]
> 
> I have to disagree with you on this point.
> 
> I believe the attacks you cited only work against OFB or counter mode
> if you use a fixed IV (e.g., all zeros).  But it is well-known that
> this is a bad idea, no matter what mode you use.
> 

Yes, this is an important point.  Still, if the key is longer than the
blocksize, Biham's attack is more efficient than an exhaustive search.

> So I don't think these considerations should prevent us from using
> counter mode.

I agree.  I did not mean to suggest that any modes be excluded from
consideration, but rather to reply to Rupesh's request for information.  

David
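The point both Davids agree on above is that OFB and counter mode are only a problem when the IV is fixed: the keystream then depends on the key alone, so every message under that key is XORed with the same bytes, and the first keystream block becomes a key-only value that the cited precomputation attacks can target. The following is an added illustration written for this archive page, not code from the thread or from any IPsec implementation. It replaces the block cipher with a keyed PRF (HMAC-SHA256 over IV || counter) standing in for E_k(IV || counter), because the behaviour shown is a property of the mode, not of the cipher; the key, IVs and plaintexts are constructed sample values.

```python
"""Counter (CTR) mode keystream reuse: fixed IV versus per-message IV.

Added example, not from the mailing-list thread.  The block cipher is
replaced by HMAC-SHA256 acting as E_k(IV || counter); the mode structure
is what matters here.
"""
import hashlib
import hmac

BLOCK = 32  # bytes of keystream produced per block by the stand-in PRF


def keystream_block(key: bytes, iv: bytes, counter: int) -> bytes:
    """Stand-in for E_k(IV || counter): HMAC-SHA256 keyed with `key`."""
    return hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CTR-mode encryption; decryption is the identical operation."""
    out = bytearray()
    for block_index, offset in enumerate(range(0, len(data), BLOCK)):
        ks = keystream_block(key, iv, block_index)
        out += xor_bytes(data[offset:offset + BLOCK], ks)
    return bytes(out)


def ciphertext_xor_leaks_plaintext_xor(key, iv1, iv2, p1, p2) -> bool:
    """True when C1 xor C2 == P1 xor P2, i.e. the keystream was reused.

    With a fixed IV this always holds; with distinct IVs it does not.
    """
    c1 = ctr_crypt(key, iv1, p1)
    c2 = ctr_crypt(key, iv2, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def first_keystream_block(key: bytes, iv: bytes) -> bytes:
    """The key-dependent value a fixed IV exposes identically to every session."""
    return keystream_block(key, iv, 0)


def find_iv_reuse(records):
    """Defender-side check over (key, iv) pairs actually used.

    Returns (earlier_index, later_index) pairs that share a key and IV,
    which is exactly the condition under which CTR/OFB keystream repeats.
    """
    seen = {}
    dups = []
    for idx, (key, iv) in enumerate(records):
        if (key, iv) in seen:
            dups.append((seen[(key, iv)], idx))
        else:
            seen[(key, iv)] = idx
    return dups


# Constructed sample values (not from the thread).
KEY = b"constructed-32-byte-demo-key!!!!"
FIXED_IV = bytes(8)                          # the "all zeros" IV Wagner mentions
IV_A = b"\x00\x00\x00\x00\x00\x00\x00\x01"   # fresh per-message IVs
IV_B = b"\x00\x00\x00\x00\x00\x00\x00\x02"
P1 = b"SA lifetime 3600 seconds; next rekey at 12:00"
P2 = b"SA lifetime 7200 seconds; next rekey at 14:30"


def demo():
    """Compare fixed-IV and per-message-IV behaviour on the sample data."""
    fixed = ciphertext_xor_leaks_plaintext_xor(KEY, FIXED_IV, FIXED_IV, P1, P2)
    fresh = ciphertext_xor_leaks_plaintext_xor(KEY, IV_A, IV_B, P1, P2)
    same_first_block = (first_keystream_block(KEY, FIXED_IV)
                        == first_keystream_block(KEY, FIXED_IV))
    return {"fixed_iv_leaks": fixed, "fresh_iv_leaks": fresh,
            "fixed_iv_first_block_repeats": same_first_block}


if __name__ == "__main__":
    print(demo())
    print(find_iv_reuse([(KEY, FIXED_IV), (KEY, IV_A), (KEY, FIXED_IV)]))
```

With the all-zero IV, `first_keystream_block` returns the same 32 bytes for every message under a key, so a single known plaintext block yields a value that is a pure function of the key; that is the situation in which the key-collision and time-memory tradeoff attacks mentioned above apply, and it disappears as soon as each message gets its own IV. `find_iv_reuse` is the corresponding operational check: run it over the (key, IV) pairs a sender actually emitted and any duplicate is a defect to fix regardless of which mode is in use.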
