RFC 2451 (rfc2451) - Page 3 of 14


The ESP CBC-Mode Cipher Algorithms





RFC 2451             ESP CBC-Mode Cipher Algorithms        November 1998


   While this document illustrates certain cipher algorithms such as
   Blowfish [Schneier93], CAST-128 [Adams97], 3DES, IDEA [Lai] [MOV],
   and RC5 [Baldwin96], any other block cipher algorithm may be used
   with ESP if all of the variables described within this document are
   clearly defined.

2.1 Mode

   All symmetric block cipher algorithms described or insinuated within
   this document use Cipher Block Chaining (CBC) mode.  This mode
   requires an Initialization Vector (IV) that is the same size as the
   block size.  Use of a randomly generated IV prevents generation of
   identical ciphertext from packets which have identical data that
   spans the first block of the cipher algorithm's blocksize.

   The IV is XOR'd with the first plaintext block, before it is
   encrypted.  Then for successive blocks, the previous ciphertext block
   is XOR'd with the current plaintext, before it is encrypted.

   More information on CBC mode can be obtained in [Schneier95].
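
   The chaining and the effect of the IV described above, as an added
   example that is not part of the RFC text. The 64-bit Feistel cipher
   here is a constructed stand-in, not one of the ciphers this document
   names, and the key, packet and function names are assumptions.

```python
import hashlib
import os

BLOCK = 8  # bytes; the IV must be this size too (Section 2.1)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key, i, half):  # stand-in round function, NOT a real ESP cipher
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, block):
    left, right = block[:4], block[4:]
    for i in range(8):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for i in reversed(range(8)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right

def cbc_encrypt(key, iv, plaintext):
    if len(iv) != BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IV must be one block; plaintext must be block-aligned")
    prev, out = iv, b""
    for off in range(0, len(plaintext), BLOCK):
        # First block is XOR'd with the IV, later ones with the previous ciphertext.
        prev = encrypt_block(key, xor(plaintext[off:off + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, b""
    for off in range(0, len(ciphertext), BLOCK):
        block = ciphertext[off:off + BLOCK]
        out += xor(decrypt_block(key, block), prev)
        prev = block
    return out

def demo():
    key = bytes(range(16))        # constructed 128-bit key (a multiple of 8 bits)
    packet = b"SAMEHDR!payload0"  # constructed packet data, two 8-byte blocks
    fixed = bytes(BLOCK)          # reused IV: identical packets encrypt identically
    same = cbc_encrypt(key, fixed, packet) == cbc_encrypt(key, fixed, packet)
    iv1, iv2 = os.urandom(BLOCK), os.urandom(BLOCK)  # random IV per packet
    c1, c2 = cbc_encrypt(key, iv1, packet), cbc_encrypt(key, iv2, packet)
    return same, c1 != c2, cbc_decrypt(key, iv1, c1) == packet
```

   demo() returns three booleans: ciphertexts match under a reused IV,
   differ under random IVs, and decrypt back to the packet.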

2.2 Key Size

   Some cipher algorithms allow for variable sized keys, while others
   only allow a specific key size.  The length of the key correlates
   with the strength of that algorithm, thus larger keys are always
   harder to break than shorter ones.

   This document stipulates that all key sizes MUST be a multiple of 8
   bits.

   This document does specify the default key size for each cipher
   algorithm.  This size was chosen by consulting experts on the
   algorithm and by balancing strength of the algorithm with
   performance.
















Pereira & Adams             Standards Track

