[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Two AES encryption modes?

To: ipsec@lists.tislabs.com
Subject: Re: Two AES encryption modes?
From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: 26 Jul 2002 00:02:48 GMT
Distribution: isaac
Newsgroups: isaac.lists.ipsec
Organization: University of California, Berkeley
References: <541402FFDC56DA499E7E13329ABFEA87060C6D@SARATOGA> <15680.2800.509000.651699@gargle.gargle.HOWL>
Sender: owner-ipsec@lists.tislabs.com

Paul Koning  wrote:
>2. You want to use manual keying and therefore may send more than one
>   packet with the same IV.  With CBC that doesn't compromise the
>   confidentiality of the data; with counter mode it does.

Nitpick: CBC is not really as secure as one might like if IV's repeat,
however it is true that IV reuse hurts CTR mode much worse than CBC mode.

If you reuse the same IV with CBC mode, there is some minor compromise
of message confidentiality (shared plaintext prefixes show through as
shared prefixes in the ciphertexts); in comparison, IV reuse in CTR mode
is more devastating (it reveals both plaintexts).

Follow-Ups:
- Re: Two AES encryption modes?
  - From: Dan McDonald <danmcd@east.sun.com>

References:
- RE: Two AES encryption modes?
  - From: Gregory Lebovitz <Gregory@netscreen.com>
- RE: Two AES encryption modes?
  - From: Paul Koning <pkoning@equallogic.com>

Prev by Date: RE: Two AES encryption modes?
Next by Date: RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
Prev by thread: RE: Two AES encryption modes?
Next by thread: Re: Two AES encryption modes?
Index(es):
- Date
- Thread