
RE: CBC makes Implementations too Slow.



SRTP's implicit IV is for counter mode, not CBC.

Mark

At 02:08 PM 11/29/2001 -0500, Stephen Kent wrote:
>At 10:53 AM -0500 11/29/01, Dilkie, Lee wrote:
>>I'm not sure if using a packet counter for an IV is bad. It's just that 
>>you can't wrap. It's important that the same key/IV combination not get 
>>reused. I don't believe that the requirement for a random IV is 
>>necessary. The reason I point this out is that the secure RTP spec 
>><draft-ietf-avt-srtp-01.txt> uses an implicit IV (to save on transmitting 
>>extra data) which is based on information in the RTP header (and really 
>>is just a packet counter under the covers).
>>
>>Lee Dilkie
>>
>>Mitel Networks
>>350 Legget Drive
>>Kanata, ON, Canada
>>K2K 2W7
>
>
>The FIPS that defines CBC mode calls for the IV to be random or pseudo 
>random. We explicitly discussed and rejected an implicit IV based on a 
>value such as you cite for secure RTP.  I don't know who decided that the 
>approach they used was good, but I know what this WG has discussed 
>previously and what the relevant crypto standards say.
>
>Steve
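
The distinction discussed in this thread, as an added example that is not part of any of the messages above: a packet counter used as a CBC IV cancels against a sequence number in the first plaintext block, while the same counter used as a counter-mode block does not. The 4-round Feistel cipher, the key and the packet layout are all constructed assumptions standing in for a real block cipher and real traffic.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes
KEY = b"constructed demo key"  # constructed sample key

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    # Toy 4-round Feistel permutation (assumption: stands in for a real block cipher).
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def packet(n):
    # Constructed payload: 12-byte fixed tag followed by a 4-byte sequence number.
    return b"RTP-PAYLOAD:" + n.to_bytes(4, "big")

def first_blocks(mode, count=3):
    """First ciphertext block of packets 1..count under the given IV policy."""
    out = []
    for n in range(1, count + 1):
        counter = n.to_bytes(BLOCK, "big")  # packet counter as a 16-byte value
        if mode == "cbc-counter":    # CBC, IV = packet counter
            c = toy_encrypt_block(KEY, xor(counter, packet(n)))
        elif mode == "cbc-random":   # CBC, IV = fresh random value
            c = toy_encrypt_block(KEY, xor(os.urandom(BLOCK), packet(n)))
        elif mode == "ctr-counter":  # counter mode, counter block = packet counter
            c = xor(packet(n), toy_encrypt_block(KEY, counter))
        else:
            raise ValueError(mode)
        out.append(c)
    return out

if __name__ == "__main__":
    for mode in ("cbc-counter", "cbc-random", "ctr-counter"):
        blocks = first_blocks(mode)
        print(f"{mode:12} distinct first blocks: {len(set(blocks))} of {len(blocks)}")
```

With the counter IV, CBC encrypts the same value (IV XOR plaintext) for every packet, so three different plaintexts give one repeated ciphertext block; the random-IV and counter-mode cases each give three distinct blocks.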


