[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: DES-CBC padding
Hello Rishi,
>From RFC2406 (ESP):
If Padding bytes are needed but the encryption algorithm does not
specify the padding contents, then the following default processing
MUST be used. The Padding bytes are initialized with a series of
(unsigned, 1-byte) integer values. The first padding byte appended
to the plaintext is numbered 1, with subsequent padding bytes making
up a monotonically increasing sequence: 1, 2, 3, ...
>From RFC245 (DES-CBC):
When padding is required, it MUST be done according to the
conventions specified in [ESP].
You can find sample packets here:
www.vesta-corp.com/VestaRefPktParse_1_00.zip
Best Regards,
Joseph D. Harwood
(408) 838-9434
jharwood@vesta-corp.com
www.vesta-corp.com
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Rishi Bhardwaj
> Sent: Friday, October 04, 2002 3:08 AM
> To: ipsec@lists.tislabs.com
> Subject: DES-CBC padding
>
> Hi
>
> I am not sure about the padding to be used for DES-CBC mode when it is
> used in IPSec ESP.
> Can i use random data for padding? If so, can the IV be used for this
> purpose? Or will i have to follow the procedure outlined in RFC 2406
and
> pad the last block using a monotonically increasing sequence?
>
> Regards
>
> rishi