Browse Prior Art Database

The ESP DES-CBC Cipher Algorithm With Explicit IV (RFC2405)

IP.com Disclosure Number: IPCOM000002980D
Original Publication Date: 1998-Nov-01
Included in the Prior Art Database: 2019-Feb-11
Document File: 10 page(s) / 14K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Madson: AUTHOR [+1]

Related Documents

10.17487/RFC2405: DOI

Abstract

This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode, with an explicit IV, as a confidentiality mechanism within the context of the IPSec Encapsulating Security Payload (ESP). [STANDARDS-TRACK]

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 18% of the total text.

Network Working Group C. Madson Request for Comments: 2405 Cisco Systems, Inc. Category: Standards Track N. Doraswamy Bay Networks, Inc. November 1998

The ESP DES-CBC Cipher Algorithm With Explicit IV

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode, with an explicit IV, as a confidentiality mechanism within the context of the IPSec Encapsulating Security Payload (ESP).

1. Introduction

This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode as a confidentiality mechanism within the context of the Encapsulating Security Payload.

DES is a symmetric block cipher algorithm. The algorithm is described in [FIPS-46-2][FIPS-74][FIPS-81]. [Schneier96] provides a general description of Cipher Block Chaining Mode, a mode which is applicable to several encryption algorithms.

As specified in this memo, DES-CBC is not an authentication mechanism. [Although DES-MAC, described in [Schneier96] amongst other places, does provide authentication, DES-MAC is not discussed here.]

For further information on how the various pieces of ESP fit together to provide security services, refer to [ESP] and [road].

Madson & Doraswamy Standards Track [Page 1]

RFC 2405 The ESP DES-CBC Cipher Algorithm November 1998

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC-2119].

2. Algorithm and Mode

DES-CBC is a symmetric secret-key block algorithm. It has a block size of 64 bits.

[FIPS-46-2][FIPS-74] and [FIPS-81] describe the DES algorithm, while [Schneier96] provides a good description of CBC mode.

2.1 Performance

Phil Karn has tuned DES-CBC software to achieve 10.45 Mbps with a 90 MHz Pentium, scaling to 15.9 Mbps with a 133 MHz Pentium. Other DES speed estimates may be found in [Schneier96].

3. ESP Payload

DES-CBC requires an explicit Initialization Vector (IV) of 8 octets (64 bits). This IV immediately precedes the protected (encrypted) payload. The IV MUST be a random value.

Including the IV in each datagram ensures that decryption of each received datagram can be performed, even when some datagrams are dropped, or datagrams are re-ordered in transit.

Implementation note:

Common practice is to use random data for the first IV and the last 8 octets of encrypted data from an encryption process as the IV for the next encryption process; this logically extends the CBC across the packets. It also has the advantage of limiting the leak...

Processing...
Loading...