[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IV sizes for AES candidates



In message <20000807185658.4465.qmail@pb151.postoffice.net>, jeff@allegrosys.co
m writes:
>Is anyone working on drafts for ESP using the AES candidates?
>
>Is there a consensus that the IV part of the payload should
>be a number of 32bit words?

The IV should be the same size as the ciphertext blocksize, which for 
AES is 16 bytes.  (One could make some argument that one could stick 
with 8 bytes, and somehow expand it.  That would make me nervous 
without some good analysis.)


		--Steve Bellovin




Follow-Ups: