Re: Two AES encryption modes?
David,
> >2. You want to use manual keying and therefore may send more than one
> > packet with the same IV. With CBC that doesn't compromise the
> > confidentiality of the data; with counter mode it does.
>
> Nitpick: CBC is not really as secure as one might like if IVs repeat,
> however it is true that IV reuse hurts CTR mode much worse than CBC mode.
>
> If you reuse the same IV with CBC mode, there is some minor compromise
> of message confidentiality (shared plaintext prefixes show through as
> shared prefixes in the ciphertexts); in comparison, IV reuse in CTR mode
> is more devastating (it reveals both plaintexts).
Manual keying does NOT, I repeat NOT mean identical IVs. The two
implementations I worked on (NRL, Solaris) use random (for "random" ==
/dev/urandom strength) IVs regardless of how IPsec SAs are derived.
Dan
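
Added example, not part of the original message or of any implementation named in the thread: it measures the two effects of IV reuse described in the quoted text, shared plaintext prefixes showing through in CBC and the XOR of the plaintexts being exposed in CTR. It assumes a small Feistel permutation built on HMAC-SHA256 as a stand-in for AES so that it runs on the Python standard library alone; the key, packets and function names are constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    # 4-round Feistel permutation over 16-byte blocks: a stand-in, NOT AES.
    l, r = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:8]
        l, r = r, xor(l, f)
    return l + r

def cbc_encrypt(key, iv, pt):
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, xor(prev, pt[i:i + BLOCK]))
        out += prev
    return out

def ctr_encrypt(key, iv, pt):
    out = b""
    for i in range(0, len(pt), BLOCK):
        # Keystream block = E(key, 12-byte nonce || 4-byte block counter).
        counter = iv[:12] + (i // BLOCK).to_bytes(4, "big")
        out += xor(pt[i:i + BLOCK], encrypt_block(key, counter))
    return out

def shared_prefix_blocks(c1, c2):
    n = 0
    while n * BLOCK < len(c1) and c1[n*BLOCK:(n+1)*BLOCK] == c2[n*BLOCK:(n+1)*BLOCK]:
        n += 1
    return n

# Constructed sample data: two 3-block packets that share only their first block.
KEY = b"constructed-key!"
P1 = b"HEADER-BLOCK-001payload A block.trailer A block!"
P2 = b"HEADER-BLOCK-001payload B block.trailer B block!"

def leakage(iv1, iv2):
    """Return (leading CBC ciphertext blocks in common, CTR exposes P1 xor P2?)."""
    cbc = shared_prefix_blocks(cbc_encrypt(KEY, iv1, P1), cbc_encrypt(KEY, iv2, P2))
    c1, c2 = ctr_encrypt(KEY, iv1, P1), ctr_encrypt(KEY, iv2, P2)
    return cbc, xor(c1, c2) == xor(P1, P2)

if __name__ == "__main__":
    same = os.urandom(BLOCK)
    print("IV reused:", leakage(same, same))
    print("fresh IVs:", leakage(os.urandom(BLOCK), os.urandom(BLOCK)))
```

With a per-packet random IV, as in the implementations described above, both measurements drop to zero leakage even though the key is the same for every packet.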