RFC 2405 (rfc2405) - Page 2 of 10
The ESP DES-CBC Cipher Algorithm With Explicit IV
Alternative Format: Original Text Document
RFC 2405 The ESP DES-CBC Cipher Algorithm November 1998
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC-2119].
2. Algorithm and Mode
DES-CBC is a symmetric secret-key block algorithm. It has a block
size of 64 bits.
[FIPS-46-2][FIPS-74] and [FIPS-81] describe the DES algorithm, while
[Schneier96] provides a good description of CBC mode.
2.1 Performance
Phil Karn has tuned DES-CBC software to achieve 10.45 Mbps with a 90
MHz Pentium, scaling to 15.9 Mbps with a 133 MHz Pentium. Other DES
speed estimates may be found in [Schneier96].
3. ESP Payload
DES-CBC requires an explicit Initialization Vector (IV) of 8 octets
(64 bits). This IV immediately precedes the protected (encrypted)
payload. The IV MUST be a random value.
Including the IV in each datagram ensures that decryption of each
received datagram can be performed, even when some datagrams are
dropped, or datagrams are re-ordered in transit.
Implementation note:
Common practice is to use random data for the first IV and the
last 8 octets of encrypted data from an encryption process as the
IV for the next encryption process; this logically extends the CBC
across the packets. It also has the advantage of limiting the
leakage of information from the random number genrator. No matter
which mechnism is used, the receiver MUST NOT assume any meaning
for this value, other than that it is an IV.
To avoid ECB encryption of very similar plaintext blocks in
different packets, implementations MUST NOT use a counter or other
low-Hamming distance source for IVs.
The payload field, as defined in [ESP], is broken down according to
the following diagram:
Madson & Doraswamy Standards Track