[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt

To: "David A. Mcgrew" <mcgrew@xxxxxxxxx>
Subject: RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
From: "Housley, Russ" <rhousley@xxxxxxxxxxxxxxx>
Date: Mon, 29 Jul 2002 09:59:41 -0400
Cc: ipsec@xxxxxxxxxxxxxxxxx
In-reply-to: <>
References: <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

[Klaus]

> yes, I agree with you, I can not see any reason to use an external IV for > AES CTR if algorithms easy can be defined for internal building of IV's with > ESP sequence number and SPI. The only cryptographic requirement for the > sequence of IV's is, that all the counter values, derived from all the IV's > over all the ESP packets, transformed by AES, are different as long as one > fixed key is used.

[David]

that's right.  Additionally, some additional strength against attacks which
rely on precomputation of a database to use during the attack stage can be
gained by having the part of the counter be secret.

We have discussed the inclusion of a secret component in the counter. It complicates the key management by requiring an additional secret value to be managed. If one is concerned about this type of dictionary attack, the use of a longer AES key provides more protection without imposing additional requirements on key management.

Russ

Follow-Ups:
- RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
  - From: Alex Alten
- RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
  - From: David A. Mcgrew

References:
- re: draft-ietf-ipsec-ciph-aes-ctr-00.txt
  - From: Klaus Helbig
- RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
  - From: David A. Mcgrew

Prev by Date: Re: [MSEC] Re: new version of ESP ID
Next by Date: Re: new version of ESP ID
Previous by thread: Draft on providing Authentication/Confidentiality to OSPFv3
Next by thread: RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
Index(es):
- Date
- Thread