RE: replay field size

Phil Karn <karn@qualcomm.com> Wed, 12 February 1997 06:01 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id BAA23069 for ipsec-outgoing; Wed, 12 Feb 1997 01:01:22 -0500 (EST)
Date: Tue, 11 Feb 1997 22:04:54 -0800
From: Phil Karn <karn@qualcomm.com>
Message-Id: <199702120604.WAA21035@servo.qualcomm.com>
To: mjo@tycho.ncsc.mil
CC: ipsec@tis.com, rja@inet.org, palamber@us.oracle.com
In-reply-to: <9702112127.AA27443@tarius.tycho.ncsc.mil> (mjo@tycho.ncsc.mil)
Subject: RE: replay field size
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

My opinions:

Make the replay counters 32 bits for both AH and ESP. Should be plenty
for any rational key lifetime, and the arithmetic is easier on
compilers without "long long" data types...

Shorten the SHA-1 hash to 128 bits. Probably won't be any worse than
MD-5...

Phil
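As an added illustration, not part of Karn's message or of any IPsec implementation, here is what a 32-bit replay field implies on both ends: the receiver keeps a sliding window over the sequence space (the scheme of RFC 2401 Appendix C, with a 64-packet window assumed here), and the sender never lets the counter wrap within one SA, so the SA is rekeyed before 2^32 packets.

```c
#include <stdbool.h>
#include <stdint.h>

/* Anti-replay state for one SA: a 32-bit sequence counter plus a sliding
 * window covering the REPLAY_WINDOW sequence numbers below the highest one
 * accepted. The window size of 64 is an assumption for this example. */
#define REPLAY_WINDOW 64

typedef struct {
    uint32_t last_seq;  /* highest sequence number accepted so far */
    uint64_t bitmap;    /* bit i set => packet (last_seq - i) already seen */
} replay_state;

/* Receiver: accept seq if it is new and inside the window, updating state.
 * seq 0 is never valid; the first packet on an SA carries seq 1. */
bool replay_check_update(replay_state *st, uint32_t seq)
{
    if (seq == 0)
        return false;
    if (seq > st->last_seq) {               /* new highest: slide forward */
        uint32_t diff = seq - st->last_seq;
        st->bitmap = diff < REPLAY_WINDOW ? (st->bitmap << diff) | 1 : 1;
        st->last_seq = seq;
        return true;
    }
    uint32_t diff = st->last_seq - seq;
    if (diff >= REPLAY_WINDOW)
        return false;                       /* older than the window */
    if (st->bitmap & ((uint64_t)1 << diff))
        return false;                       /* duplicate: a replay */
    st->bitmap |= (uint64_t)1 << diff;
    return true;
}

/* Sender: a 32-bit counter must never wrap inside one SA. Returns false when
 * the counter is exhausted, meaning the SA has to be rekeyed before sending. */
bool replay_next_seq(uint32_t *counter, uint32_t *seq_out)
{
    if (*counter == UINT32_MAX)
        return false;
    *seq_out = ++*counter;
    return true;
}

/* Constructed sample stream: returns how many packets a fresh receiver accepts.
 * 1, 100, 99, 37 are accepted; 1 and 99 (replays), 36 (too old) and 0 are not. */
int replay_demo(void)
{
    static const uint32_t seqs[] = {1, 1, 100, 99, 99, 36, 37, 0};
    replay_state st = {0, 0};
    int accepted = 0;
    for (int i = 0; i < 8; i++)
        accepted += replay_check_update(&st, seqs[i]);
    return accepted;   /* returns 4 */
}
```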