RE: DES-CBC padding



Hello Rishi,

From RFC2406 (ESP):

   If Padding bytes are needed but the encryption algorithm does not
   specify the padding contents, then the following default processing
   MUST be used.  The Padding bytes are initialized with a series of
   (unsigned, 1-byte) integer values.  The first padding byte appended
   to the plaintext is numbered 1, with subsequent padding bytes making
   up a monotonically increasing sequence: 1, 2, 3, ...  

From RFC245 (DES-CBC):

   When padding is required, it MUST be done according to the
   conventions specified in [ESP].



You can find sample packets here:

www.vesta-corp.com/VestaRefPktParse_1_00.zip


Best Regards,
Joseph D. Harwood
(408) 838-9434
jharwood@vesta-corp.com
www.vesta-corp.com



> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com [mailto:owner-ipsec@lists.tislabs.com] On Behalf Of Rishi Bhardwaj
> Sent: Friday, October 04, 2002 3:08 AM
> To: ipsec@lists.tislabs.com
> Subject: DES-CBC padding
> 
> Hi
> 
> I am not sure about the padding to be used for DES-CBC mode when it is
> used in IPSec ESP.
> Can I use random data for padding? If so, can the IV be used for this
> purpose? Or will I have to follow the procedure outlined in RFC 2406 and
> pad the last block using a monotonically increasing sequence?
> 
> Regards
> 
> rishi
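
The default padding quoted from RFC 2406 above, worked through for the 8-byte DES-CBC block size. This is an added example, not part of the original message or of any implementation mentioned in it. The function names and the sample payload are constructed for illustration; the Pad Length and Next Header trailer bytes come from the ESP format in RFC 2406, and rejecting packets whose padding is not 1, 2, 3, ... is a choice made by this example.

```python
DES_BLOCK = 8  # DES-CBC block size in bytes


def esp_pad(payload: bytes, next_header: int, block: int = DES_BLOCK) -> bytes:
    """Return payload || Padding || Pad Length || Next Header, block-aligned.

    Padding bytes are 1, 2, 3, ... as in the RFC 2406 default processing.
    The two trailer bytes count toward the alignment, so the padding may
    be empty (Pad Length = 0) when payload + 2 is already a multiple of 8.
    """
    pad_len = -(len(payload) + 2) % block
    padding = bytes(range(1, pad_len + 1))
    return payload + padding + bytes([pad_len, next_header])


def esp_unpad(plaintext: bytes, block: int = DES_BLOCK):
    """Verify and strip the trailer after decryption.

    Returns (payload, next_header). Raises ValueError when the padding
    is not the monotonically increasing sequence (e.g. random bytes or
    a copy of the IV were used instead).
    """
    if len(plaintext) < 2 or len(plaintext) % block:
        raise ValueError("decrypted length is not a whole number of blocks")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise ValueError("Pad Length exceeds packet")
    end = len(plaintext) - 2
    padding = plaintext[end - pad_len:end]
    if padding != bytes(range(1, pad_len + 1)):
        raise ValueError("padding is not 1, 2, 3, ...")
    return plaintext[:end - pad_len], next_header


if __name__ == "__main__":
    # Constructed 13-byte payload; next header 6 (TCP).
    sample = b"sample-packet"
    padded = esp_pad(sample, 6)
    print(padded.hex())          # block-aligned plaintext handed to DES-CBC
    print(esp_unpad(padded))     # round trip back to (payload, next_header)
```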