[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipsec
Subject:    Re: Draft des-md5 v3
From:       "James Hughes" <hughes () nsco ! network ! com>
Date:       1997-01-14 18:46:36
[Download RAW message or body]

> While implementing the DES-MD5 transform as of draft v3, i noticed
> that the algorithm that checks the replay counter window that's given
> would not work correctly with the draft's specification; the algorithm
> assumes that the initial value of the replay counter is 1 (or 0), but
> the draft has the counter initialized to some arbitrary value (an MD5
> result).

The counter must be "aliased" to 0 by subtracting the received value from
the initial value. Unsigned arithemetic works just fine for this.

jim

[prev in list] [next in list] [prev in thread] [next in thread]