[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CBC makes Implementations too Slow.
You would have to send all of the random data you're using as IV along with
the encrypted packet (amount of data transmitted = 2x amount of packet
data). The advantage of using the previous encrypted block as IV is that
only the IV for the first block has to be sent (amount of data transmitted =
amount of packet data + 1 block).
Best Regards,
Joseph D. Harwood
(408) 838-9434
jharwood@vesta-corp.com
www.vesta-corp.com
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Michael Cyr
> Sent: Wednesday, November 28, 2001 1:57 PM
> To: ipsec@lists.tislabs.com
> Subject: Re: CBC makes Implementations too Slow.
>
>
> On Tue, 30 Oct 2001, Steven M. Bellovin wrote:
>
> > CBC mode requires
> > feedback, which makes it impossible to pipeline encryptions; you can't
> > encrypt plaintext block P[n+1] until you have the ciphertext from
> > encrypting P[n].
>
> I know this discussion was a while ago, but I have a question related to
> the problem. First, let me say that I'm new to the list, and still
> somewhat new to IPsec in general, so I hope you'll forgive any ignorance
> on my part.
>
> Would it be a complete violation of the protocol to use random data for
> the IV data instead of a portion of the ciphertext of the previous
> block? I know this violates the spirit of cipher block _chaining_, but
> it would seem to address the concern that CBC was meant to fix, which is
> to ensure that if the same cleartext is encrypted twice, it doesn't
> produce the same ciphertext. Anyone have a definitive answer on this?
>
> Thanks,
>
> ----------------------------------------------------------------------
> Michael Cyr | Phone 512-838-2943 |mikecyr@austin.ibm.com .. Email
> AIX IP Security | Tie-Line 678-2943 |
> Austin, TX | FAX 512-838-3509 |-------------------------------
>
References: