Re: draft-ietf-ipsec-ciph-aes-ctr-00.txt
On Monday 29 July 2002 18:56, Alex Alten wrote:
> Thanks David,
>
> My misunderstanding of the IV generation details. I just read your
> other explanation of the secret starting offset for the IV sequence.
> In your/Fluhrer's design, is this offset generated separately from
> the key bits?
Depending on how the key bits are generated, it may not matter.
For example, if the key bits are produced by a crypto-strong PRNG,
then the offset can be taken from that stream. [I admit that I
personally would prefer a different source, possibly with a different
keying of that same PRNG.] Otherwise, there can be a big problem.
> What if the key is used repeatedly, or in the worst case shared
> among many hosts?
Shouldn't matter - because anyway the key is used for more than one
packet. What does matter is that the combination of Key+IV never
repeats. Good random seeding should take care of it, I think.
> What happens if a host reboots? Does the secret
> offset start at the same initial value? If not, how do you
> guarantee this?
Good questions.
I'd say - seeding the generating PRNG with /dev/random output
after host reboot should give a reasonably good assurance.
> BTW, I'm not completely clear on this aspect. Does the sender
> completely control the IV sequence generation?
He better!
> Can the receiver process incoming packets out-of-order or handle
> dropped packets?
Again, he better.
--
Regards,
Uri-David
-=-=-<>-=-=-
<Disclaimer>
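
Added example, not part of the original message or of the draft: a sketch of the points discussed above, namely a sender-controlled IV sequence with a random starting offset reseeded at every restart, a receiver that decrypts out of order, and what leaks when Key+IV repeats. Assumptions: a 64-bit IV carried explicitly in each packet, HMAC-SHA256 standing in for the AES block function so the code runs on the standard library alone, and the hypothetical names `Sender`, `open_packet` and `reuse_leak`.

```python
import hashlib
import hmac
import os

IV_BITS = 64  # assumed width of the per-packet IV


def keystream(key, iv, n):
    """Counter-mode keystream; HMAC-SHA256 stands in for the AES block function."""
    out = b""
    block = 0
    while len(out) < n:
        ctr = iv.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, ctr, hashlib.sha256).digest()
        block += 1
    return out[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    """The sender owns the IV sequence: random offset chosen at every (re)start."""

    def __init__(self, key, offset=None):
        self.key = key
        # os.urandom reads the kernel CSPRNG, so a reboot does not replay the offset.
        self.offset = int.from_bytes(os.urandom(8), "big") if offset is None else offset
        self.seq = 0

    def seal(self, plaintext):
        iv = (self.offset + self.seq) % (1 << IV_BITS)
        self.seq += 1
        return iv, xor(plaintext, keystream(self.key, iv, len(plaintext)))


def open_packet(key, packet):
    """The receiver keeps no counter: the explicit IV in the packet is enough."""
    iv, ct = packet
    return xor(ct, keystream(key, iv, len(ct)))


def reuse_leak(key, p1, p2, offset_a, offset_b):
    """XOR of the first ciphertext from two boots; it is p1 XOR p2 when Key+IV repeats."""
    _, c1 = Sender(key, offset_a).seal(p1)
    _, c2 = Sender(key, offset_b).seal(p2)
    return xor(c1, c2)
```

Passing the same fixed offset to both boots models a host that restarts its IV sequence at the same value under an unchanged key; passing `None` models reseeding from the system random source.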