[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: counter mode



> For example, 16 bits of counter are more than 
> sufficient to cover a max size IP datagram, using an 8 or 16 byte 
> codebook. 

IPv6 jumbograms can (theoretically) be up to 2**32 bytes long.  With a
128-bit block size, this requires ~25 bits of intra-block counter, but
we might as well reserve 32 bits..

> 	IV or high order cntr bits || ESP seq # || intra-packet cntr || zeros

I'd put the intra-packet counter in the low end since this make things
easier in (big endian) 64-bit land and not appreciably harder for
little-endian systems.

	IV/high order bits || ESP seq # || zeros || intrapacket cntr

To be space/bandwidth efficient, I'd be inclined to leave out the IV
entirely and perhaps just use the SPI in the high order bits, but I'm
not sure if that's cryptographically weak...

					- Bill


Follow-Ups: References: