[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CBC makes Implementations too Slow.
SRTP's implicit IV is for counter mode, not cbc.
Mark
At 02:08 PM 11/29/2001 -0500, Stephen Kent wrote:
>At 10:53 AM -0500 11/29/01, Dilkie, Lee wrote:
>>I'm not sure if using a packet counter for an IV is bad. It's just that
>>you can't wrap. It's important that the same key/IV combination not get
>>reused. I don't believe that the requirement for a random IV is
>>necessary. The reason I point this out is that the secure RTP spec
>><draft-ieft-avt-srtp-01.txt> uses an implicit IV (to save on transmitting
>>extra data) which is based on information in the RTP header (and really
>>is just a packet counter under the covers).
>>
>>Lee Dilkie
>>
>>Mitel Networks
>>350 Legget Drive
>>Kanata, ON, Canada
>>K2K 2W7
>
>
>The FIPS that defines CBC mode calls for the IV to be random or pseudo
>random. We explicitly discussed and rejected an implicit IV based on a
>value such as you cite for secure RTP. I don't know who decided that the
>approach they used was good, but I know what this WG has discussed
>previously and what the relevant crypto standards say.
>
>Steve
Follow-Ups:
References: