Hi Evgeniy:
On Tue, Jul 11, 2006 at 09:31:57AM +0400, Evgeniy Polyakov wrote:
>
> > I noticed a bug in the ESP IV processing. When you do ESP asynchronously,
> > you can no longer use the last block of the previous packet as the IV of
> > the next. This is because the next packet may have started processing
> > before the last packet has even been finalised.
>
> I caught that bug too, so IV being used is always copied into old_iv variable,
> so integrity is stated.

My point is that it is possible for two packets to use the same IV
under this scheme, which defeats the purpose of IVs.

> > A simple solution is to generate a random IV.
>
> Yes, it could be done too.
> But actually neither random IV, nor IV created from encrypted previous packet,
> nor IV created from unencrypted previous packet are forbidden by spec.
> Initial implementation used constant IV there at all.

True. However, using the same IV more than once is definitely not a good
idea.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
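
Added example, not part of the original message and not kernel code: a minimal model of the chained-IV scheme discussed above, showing that a second packet submitted before the first is finalised picks up the same IV, while a per-packet random IV reads no shared state. The struct and function names are hypothetical (only `old_iv` comes from the thread), the 8-byte block size is an assumption, and the mixing in `complete()` is a stand-in for the cipher, not encryption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IV_LEN 8                          /* assumed cipher block size */
struct sa  { uint8_t old_iv[IV_LEN]; };   /* hypothetical per-SA state */
struct pkt { uint8_t iv[IV_LEN]; };

/* Chained scheme: the IV is whatever old_iv holds at submit time. */
static void submit_chained(const struct sa *sa, struct pkt *p)
{
    memcpy(p->iv, sa->old_iv, IV_LEN);
}

/* Completion publishes the "last ciphertext block"; toy mixing, not a cipher. */
static void complete(struct sa *sa, const struct pkt *p, uint32_t seq)
{
    for (int i = 0; i < IV_LEN; i++)
        sa->old_iv[i] = (uint8_t)(p->iv[i] ^ ((seq * 0x9E3779B1u) >> (i * 4)));
}

static int chained_reuses_iv(int async)   /* 1 = packets A and B share an IV */
{
    struct sa sa = { {0} };
    struct pkt a, b;
    submit_chained(&sa, &a);
    if (!async) complete(&sa, &a, 1);     /* synchronous: A is finalised first */
    submit_chained(&sa, &b);              /* asynchronous: B starts before A is done */
    if (async) complete(&sa, &a, 1);
    complete(&sa, &b, 2);
    return memcmp(a.iv, b.iv, IV_LEN) == 0;
}

/* Random scheme: each packet draws a fresh IV; returns -1 without entropy. */
static int random_reuses_iv(void)
{
    struct pkt a, b;
    FILE *f = fopen("/dev/urandom", "rb");
    int ok = f && fread(a.iv, 1, IV_LEN, f) == IV_LEN
               && fread(b.iv, 1, IV_LEN, f) == IV_LEN;
    if (f) fclose(f);
    return ok ? memcmp(a.iv, b.iv, IV_LEN) == 0 : -1;
}

int main(void)
{
    printf("chained sync=%d async=%d, random=%d\n",
           chained_reuses_iv(0), chained_reuses_iv(1), random_reuses_iv());
    return 0;
}
```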