Hi Evgeniy: On Tue, Jul 11, 2006 at 09:31:57AM +0400, Evgeniy Polyakov wrote: > > > I noticed a bug in the ESP IV processing. When you do ESP asynchronously, > > you can no longer use the last block of the previous packet as the IV of > > the next. This is because the next packet may have started processing > > before the last packet has even been finalised. > > I cought that bug too, so IV being used is always copied into old_iv variable, > so integrity is stated.
My point is that it is possible for two packets to use the same IV under this scheme, which defeats the purpose of IVs. > > A simple solution is to generate a random IV. > > Yes, it could be done too. > But actually neither random IV, nor IV created from encrypted previous > packet, > nor IV created from unencrypted previous packet are forbidden by spec. > Initial implementation used constant IV there at all. True. However, using the same IV more than once is definitely not a good idea. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
