The ESP DES-CBC Cipher Algorithm With Explicit IV (RFC2405)

IP.com Disclosure Number: IPCOM000002980D
Original Publication Date: 1998-Nov-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 8 page(s) / 19K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Madson: AUTHOR [+2]

Abstract

This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode, with an explicit IV, as a confidentiality mechanism within the context of the IPSec Encapsulating Security Payload (ESP).

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 15% of the total text.

Network Working Group                                          C. Madson
Request for Comments: 2405                           Cisco Systems, Inc.
Category: Standards Track                                   N. Doraswamy
                                                      Bay Networks, Inc.
                                                           November 1998

The ESP DES-CBC Cipher Algorithm With Explicit IV

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode, with an explicit IV, as a confidentiality mechanism within the context of the IPSec Encapsulating Security Payload (ESP).

1. Introduction

This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode as a confidentiality mechanism within the context of the Encapsulating Security Payload.

DES is a symmetric block cipher algorithm. The algorithm is described in [FIPS-46-2][FIPS-74][FIPS-81]. [Schneier96] provides a general description of Cipher Block Chaining Mode, a mode which is applicable to several encryption algorithms.

As specified in this memo, DES-CBC is not an authentication mechanism. [Although DES-MAC, described in [Schneier96] amongst other places, does provide authentication, DES-MAC is not discussed here.]

For further information on how the various pieces of ESP fit together to provide security services, refer to [ESP] and [road].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC-2119].

2. Algorithm and Mode

DES-CBC is a symmetric secret-key block algorithm. It has a block size of 64 bits.

[FIPS-46-2][FIPS-74] and [FIPS-81] describe the DES algorithm, while [Schneier96] provides a good description of CBC mode.

2.1 Performance

Phil Karn has tuned DES-CBC software to achieve 10.45 Mbps with a 90 MHz Pentium, scaling to 15.9 Mbps with a 133 MHz Pentium. Other DES speed estimates may be found in [Schneier96].

3. ESP Payload

DES-CBC requires an explicit Initialization Vector (IV) of ...