"It depends."  For most reliable data stream encryption, you want to
use CBC mode, where the previous and current packets are sufficient to 
decrypt the current packet.  For datagram encryption, you may end up
using ECB, which means that with the key and a given packet, you can
decrypt the given packet.

CBC and ECB were originally (publicly) documented with the DES.

Adam


On Thu, Sep 23, 1999 at 11:05:19AM -0600, Robert L. Moore wrote:
| Folks:
| 
|     OK, ok, so this isn't *exactly* a firewall question,
| but it is closely related!  I understand most encryption
| algorithms that IPsec and protocols use, but I have a very
| specific question that I can't quite find in any article/book
| that I've perused on the subject....
|
|     If you look at any given packet's payload and you have
| the proper keys, can you decipher the payload of this specific
| packet...or do you need some other portion of the encrypted
| stream?  That is, can I decrypt on the fly on a packet-by-packet
| basis or do I need to keep track of the session and accumulate
| some portion (or all) of the application data before decrypting?
| (I'm talking here about Ethernet packets, but I guess that doesn't
| really matter).



-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume
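
An added illustration of the reply above (not part of the original message): CBC chained across packets next to ECB, using a toy 8-byte Feistel cipher as a stand-in for DES. The cipher, key, IV, packet contents and every function name are constructed for this example.

```python
import hashlib

BLOCK = 8  # bytes; same block size as DES, but the cipher below is a toy stand-in

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # round function of the toy Feistel cipher
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def enc_block(key, blk):
    l, r = blk[:4], blk[4:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):  # every block stands alone
    return b"".join(enc_block(key, b) for b in blocks(pt))

def ecb_decrypt(key, ct):
    return b"".join(dec_block(key, b) for b in blocks(ct))

def cbc_encrypt(key, chain, pt):
    out = []
    for b in blocks(pt):
        chain = enc_block(key, _xor(b, chain))  # mix in previous ciphertext block
        out.append(chain)
    return b"".join(out)

def cbc_decrypt(key, chain, ct):
    out = []
    for b in blocks(ct):
        out.append(_xor(dec_block(key, b), chain))
        chain = b  # the next block needs only this ciphertext block
    return b"".join(out)

def encrypt_stream(key, iv, packets):
    """CBC chained across packets: last ciphertext block of one packet seeds the next."""
    chain, out = iv, []
    for p in packets:
        out.append(cbc_encrypt(key, chain, p))
        chain = out[-1][-BLOCK:]
    return out

KEY, IV = b"constructed key", bytes(BLOCK)  # constructed sample values
PACKETS = [b"packet-0 payload", b"packet-1 payload", b"packet-1 payload"]
```

With `stream = encrypt_stream(KEY, IV, PACKETS)`, decrypting `stream[2]` needs only the last ciphertext block of `stream[1]`; with the wrong chaining value only the first block of the packet comes out garbled. Under ECB the two identical packets encrypt to identical ciphertext, which an observer can see without the key.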

