RE: DES-CBC padding

"Joseph D. Harwood" <jharwood@vesta-corp.com> Fri, 04 October 2002 15:42 UTC

Reply-To: jharwood@vesta-corp.com
From: "Joseph D. Harwood" <jharwood@vesta-corp.com>
To: IPsec <ipsec@lists.tislabs.com>
Subject: RE: DES-CBC padding
Date: Fri, 04 Oct 2002 08:15:34 -0700
Organization: Vesta Corporation
Message-ID: <002501c26bb8$e3a17900$beb9fea9@Yellowstone>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Importance: Normal
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

Hello Rishi,

>From RFC2406 (ESP):

   If Padding bytes are needed but the encryption algorithm does not
   specify the padding contents, then the following default processing
   MUST be used.  The Padding bytes are initialized with a series of
   (unsigned, 1-byte) integer values.  The first padding byte appended
   to the plaintext is numbered 1, with subsequent padding bytes making
   up a monotonically increasing sequence: 1, 2, 3, ...  

>From RFC245 (DES-CBC):

   When padding is required, it MUST be done according to the
   conventions specified in [ESP].



You can find sample packets here:

www.vesta-corp.com/VestaRefPktParse_1_00.zip


Best Regards,
Joseph D. Harwood
(408) 838-9434
jharwood@vesta-corp.com
www.vesta-corp.com



> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com 
> [mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Rishi Bhardwaj
> Sent: Friday, October 04, 2002 3:08 AM
> To: ipsec@lists.tislabs.com
> Subject: DES-CBC padding
> 
> Hi
> 
> I am not sure about the padding to be used for DES-CBC mode when it is

> used in IPSec ESP. Can i use random data for padding? If so, can the 
> IV be used for this purpose? Or will i have to follow the procedure 
> outlined in RFC 2406 and pad the last block using a monotonically 
> increasing sequence?
> 
> Regards
> 
> rishi

DES-CBC padding Rishi Bhardwaj
RE: DES-CBC padding Joseph D. Harwood
RE: DES-CBC padding Joseph D. Harwood
RE: DES-CBC padding Satyadeva Konduru