Hi
Thanks for the clarifications regarding IV usage for AES methods.
RFC 2405 (DES) in its implementation note says
"Common practice is to use random data for the first IV and the last
8 octets of encrypted data from an encryption process as the IV for
the next encryption process; this logically extends the CBC across
the packets. It also has the advantage of limiting the leakage of
information from the random number generator. No matter which mechanism
is used, the receiver MUST NOT assume any meaning for this value,
other than that it is an IV."
But towards the end of the RFC, it says
"For the first block of plaintext, though, the IV takes the place
of the previous block of ciphertext. If the IV doesn't differ
much from the previous IV, and the actual plaintext block doesn't
differ much from the previous packet's, then the effective
plaintext won't differ much, either. This means that you have
pairs of ciphertext blocks combined with plaintext blocks that
differ in just a few bit positions. This can be a wedge for
assorted cryptanalytic attacks."
What is the RFC suggesting here? Anyway, we cannot avoid the possibility
of successive plain packets being identical, at least partially.
Is a random number for the IV a must, or is it OK to get it from the
previous encrypted packet for DES?
What are the latest observations?
I also want to know the same regarding 3DES.
Thanks in advance
-ns murthy
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
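
The second RFC 2405 passage quoted in the message above can be checked numerically. The following is an added illustration, not part of the original message or of the RFC: it computes IV XOR P1 (the value CBC actually feeds to the block cipher for the first block) for successive packets and measures how many bits change between them. The packet layout, the IV generators and all function names are assumptions made for the example, and no DES encryption is performed.

```python
import secrets

BLOCK = 8  # DES and 3DES block size in octets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hamming(a: bytes, b: bytes) -> int:
    """Number of bit positions in which a and b differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def first_block_inputs(ivs, packets):
    """CBC block-cipher input for block 1 of each packet: IV XOR P1."""
    return [xor(iv, p[:BLOCK]) for iv, p in zip(ivs, packets)]

def input_distances(ivs, packets):
    """Bit distance between the cipher inputs of successive packets."""
    inputs = first_block_inputs(ivs, packets)
    return [hamming(a, b) for a, b in zip(inputs, inputs[1:])]

def summarize(ivs, packets):
    """(min, mean, max) bit distance over all successive packet pairs."""
    d = input_distances(ivs, packets)
    return min(d), sum(d) / len(d), max(d)

def counter_ivs(n, start=0):
    """Low-Hamming-distance IVs: a plain incrementing counter (assumed scheme)."""
    return [(start + i).to_bytes(BLOCK, "big") for i in range(n)]

def random_ivs(n):
    """Independent random IVs from the OS CSPRNG."""
    return [secrets.token_bytes(BLOCK) for _ in range(n)]

# Constructed sample: 64 packets whose first block differs only in a
# one-octet sequence number (1..64), i.e. "doesn't differ much".
PACKETS = [b"HDR\x00\x00\x00\x00" + bytes([i]) + b"payload" for i in range(1, 65)]

if __name__ == "__main__":
    n = len(PACKETS)
    # Counter IV: cipher inputs differ in only a few bits per packet.
    print("counter IV (start=0):", summarize(counter_ivs(n, 0), PACKETS))
    # Counter aligned with the sequence number: the XOR cancels and every
    # packet presents the same input, hence the same first ciphertext block.
    print("counter IV (start=1):", summarize(counter_ivs(n, 1), PACKETS))
    # Random IV: about half of the 64 input bits change on average.
    print("random IV           :", summarize(random_ivs(n), PACKETS))
```
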