[strongSwan] Initialization vector (IV) creation criteria
Martin Willi
martin at strongswan.org
Thu Jun 27 14:01:34 CEST 2013
Hi,
> - It is explicitly not allowed to construct the IV from the encrypted
> data of the preceding encryption process.
> Does strongSwan follow this criterion when it encrypts ESP
> packets?
strongSwan is not directly involved in the ESP encapsulation process;
this is usually done by the kernel. On Linux, the different transforms
use different algorithms to generate the IV; refer to the kernel sources
for more details.
strongSwan generates IVs for IKE packets; these IVs are usually read
from /dev/urandom.
Regards
Martin
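
A check for the criterion quoted above, added here as an example and not taken from strongSwan or the Linux kernel: it flags CBC messages whose IV equals the last ciphertext block of the preceding message, and contrasts that with IVs read from /dev/urandom. The struct and function names, the 16-byte block size and the sample bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define BLOCK 16 /* AES-CBC block size (assumption) */

/* One CBC-protected message: explicit IV plus ciphertext. */
struct cbc_msg { const unsigned char *iv, *ct; size_t ct_len; };

/* Fresh IV from the kernel RNG; 0 on success, -1 on failure. */
int random_iv(unsigned char iv[BLOCK]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(iv, 1, BLOCK, f);
    fclose(f);
    return got == BLOCK ? 0 : -1;
}

/* Count messages whose IV is the previous message's last ciphertext block. */
size_t count_chained_ivs(const struct cbc_msg *m, size_t n) {
    size_t hits = 0;
    for (size_t i = 1; i < n; i++) {
        const struct cbc_msg *p = &m[i - 1];
        if (p->ct_len >= BLOCK &&
            memcmp(m[i].iv, p->ct + p->ct_len - BLOCK, BLOCK) == 0)
            hits++;
    }
    return hits;
}

/* Constructed bytes, not real ciphertext: IVs 2 and 3 are chained. */
int demo_chained(void) {
    static const unsigned char iv1[BLOCK] = { 0x01 };
    static const unsigned char c1[32] = { [16] = 0xA1, [31] = 0x5C };
    static const unsigned char c2[16] = { 0xB2, [15] = 0x7D };
    static const unsigned char c3[16] = { 0xC3 };
    struct cbc_msg m[3] = { { iv1, c1, 32 }, { c1 + 16, c2, 16 }, { c2, c3, 16 } };
    return (int)count_chained_ivs(m, 3);
}

/* Constructed ciphertext blocks, each sent with an IV from /dev/urandom. */
int demo_random(void) {
    static const unsigned char ct[3][BLOCK] = { { 0x11 }, { 0x22 }, { 0x33 } };
    unsigned char iv[3][BLOCK];
    struct cbc_msg m[3];
    for (int i = 0; i < 3; i++) {
        if (random_iv(iv[i]) != 0) return -1;
        m[i].iv = iv[i]; m[i].ct = ct[i]; m[i].ct_len = BLOCK;
    }
    return (int)count_chained_ivs(m, 3);
}
int main(void) { printf("chained=%d random=%d\n", demo_chained(), demo_random()); return 0; }
```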