[strongSwan] Initialization vector (IV) creation criteria

Shashidhar Patil shashi_patil77 at yahoo.com
Thu Jun 27 10:33:29 CEST 2013


Hi, 

as per 3GPP TS33.210, chapter 5.3.5 on the
construction of the Initialization vector (IV):
- It is explicitly not allowed to construct the IV from the encrypted data of the preceding
encryption process.
The common practice of constructing the IV from the encrypted data of the preceding
encryption process means that the IV is disclosed before it is used. A predictable IV exposes
IPsec to certain attacks irrespective of the strength of the underlying cipher algorithm.
 
how does strongswan handles such criteria?
Does the strongswan follow this criteria when it encrypts ESP packets ?
I think strongswan need not be compliant to 3GPP standards but the reason for which such criteria is introduced, is generic and applicable to any IPSec implementaion.
 
 
Best Regards,
______________
Shashidhar Patil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130627/aef0bfef/attachment.html>


More information about the Users mailing list