RE: CBC makes Implementations too Slow.
At 10:53 AM -0500 11/29/01, Dilkie, Lee wrote:
>I'm not sure if using a packet counter for an IV is bad. It's just
>that you can't wrap. It's important that the same key/IV combination
>not get reused. I don't believe that the requirement for a random IV
>is necessary. The reason I point this out is that the secure RTP
>spec <draft-ieft-avt-srtp-01.txt> uses an implicit IV (to save on
>transmitting extra data) which is based on information in the RTP
>header (and really is just a packet counter under the covers).
>
>Lee Dilkie
>
>Mitel Networks
>350 Legget Drive
>Kanata, ON, Canada
>K2K 2W7
The FIPS that defines CBC mode calls for the IV to be random or
pseudo random. We explicitly discussed and rejected an implicit IV
based on a value such as you cite for secure RTP. I don't know who
decided that the approach they used was good, but I know what this WG
has discussed previously and what the relevant crypto standards say.
Steve
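
An added illustration, not part of the original message: in CBC the IV is XORed into the first plaintext block before encryption, so a counter IV can cancel against counter-like plaintext even when no key/IV pair repeats. The 4-round Feistel cipher, key, and packet layout below are constructed stand-ins (not AES and not the SRTP format).

```python
import hashlib
import os

BLOCK = 16  # block size in bytes


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    # Stand-in 128-bit block cipher (assumption): 4-round Feistel network
    # with SHA-256 as the round function. It is a permutation, not AES.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


def cbc_encrypt(key, iv, plaintext):
    assert len(iv) == BLOCK and len(plaintext) % BLOCK == 0
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, xor(prev, plaintext[i:i + BLOCK]))
        out += prev
    return out


def packet(seq):
    # Constructed packet: first block is a header carrying the sequence
    # number, second block is an identical payload in every packet.
    return seq.to_bytes(BLOCK, "big") + b"payload".ljust(BLOCK, b".")


def distinct_ciphertexts(key, make_iv, seqs):
    return len({cbc_encrypt(key, make_iv(n), packet(n)) for n in seqs})


def demo():
    key = b"constructed-key!"
    seqs = range(1, 5)
    # Counter IV: unique per packet, never reused, but IV XOR header == 0
    # for every packet, so all four ciphertexts come out identical.
    with_counter = distinct_ciphertexts(key, lambda n: n.to_bytes(BLOCK, "big"), seqs)
    # Random IV: the cipher input differs per packet.
    with_random = distinct_ciphertexts(key, lambda n: os.urandom(BLOCK), seqs)
    return with_counter, with_random


if __name__ == "__main__":
    print(demo())
```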