Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB?
David,
thanks for your comments, more inline:
"David A. Wagner" wrote:
>
> In article <38C437F4.3C7A71EF@cisco.com>,
> David A. McGrew <mcgrew@cisco.com> wrote:
> > there are some attacks to which stream ciphers, and ECB, OFB, and
> > counter modes are more vulnerable than CBC mode. Biham's key collision
> > attack and Hellman's time-memory tradeoff attack [...]
>
> I have to disagree with you on this point.
>
> I believe the attacks you cited only work against OFB or counter mode
> if you use a fixed IV (e.g., all zeros). But it is well-known that
> this is a bad idea, no matter what mode you use.
>
Yes, this is an important point. Still, if the key is longer than the
blocksize, Biham's attack is more efficient than an exhaustive search.
> So I don't think these considerations should prevent us from using
> counter mode.
I agree. I did not mean to suggest that any modes be excluded from
consideration, but rather to reply to Rupesh's request for information.
David
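The fixed-IV point in David Wagner's message, as an added worked example that is not part of this thread: a toy block cipher (a truncated keyed hash, assumed here in place of a real cipher, with a deliberately tiny keyspace) in counter mode shows that with an all-zero IV the first keystream block E_k(IV) is a per-key constant that can be tabulated once for every key, so a session whose first plaintext block is predictable gives up its key by a single lookup, while a fresh random IV per message leaves the same table useless. All function names are my own.

```python
import hashlib
import os

BLOCK = 8        # toy 64-bit block size
KEY_BITS = 12    # toy keyspace (4096 keys) so the whole table is enumerable


def toy_block_cipher(key: int, block: bytes) -> bytes:
    """Stand-in for E_k(.): a keyed hash truncated to one block. Not a real
    cipher; it only gives the keystream the same structure CTR/OFB have."""
    return hashlib.sha256(key.to_bytes(2, "big") + block).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: int, iv: bytes, plaintext: bytes) -> bytes:
    """Counter mode: keystream block i is E_k(IV + i); block 0 is E_k(IV)."""
    out = bytearray()
    for i in range(0, len(plaintext), BLOCK):
        ctr = ((int.from_bytes(iv, "big") + i // BLOCK) % 2**64).to_bytes(BLOCK, "big")
        out += xor(plaintext[i:i + BLOCK], toy_block_cipher(key, ctr))
    return bytes(out)


def build_key_collision_table(fixed_iv: bytes) -> dict:
    """One-time precomputation of E_k(fixed IV) over the whole keyspace.
    It pays off only because the IV never changes: the value does not
    depend on the message, so it identifies the key in every session."""
    return {toy_block_cipher(k, fixed_iv): k for k in range(2 ** KEY_BITS)}


def recover_key(table: dict, first_ct_block: bytes, first_pt_block: bytes):
    """A predictable first plaintext block (e.g. a protocol header) XOR the
    first ciphertext block is the first keystream block; a table hit
    returns the key, otherwise None."""
    return table.get(xor(first_ct_block, first_pt_block))


def fixed_iv_session_is_exposed(key: int, header: bytes) -> bool:
    fixed_iv = bytes(BLOCK)                            # the all-zero IV from the thread
    table = build_key_collision_table(fixed_iv)
    ct = ctr_encrypt(key, fixed_iv, header + b"secret payload")
    return recover_key(table, ct[:BLOCK], header) == key


def random_iv_session_is_exposed(key: int, header: bytes) -> bool:
    table = build_key_collision_table(bytes(BLOCK))    # same precomputed table
    iv = os.urandom(BLOCK)                             # fresh IV per message
    ct = ctr_encrypt(key, iv, header + b"secret payload")
    return recover_key(table, ct[:BLOCK], header) == key
```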