RFC 1851 (rfc1851) - Page 2 of 11
The ESP Triple DES Transform
Alternative Format: Original Text Document
RFC 1851 ESP 3DES September 1995
1. Introduction
The Encapsulating Security Payload (ESP) [RFC-1827] provides
confidentiality for IP datagrams by encrypting the payload data to be
protected. This specification describes the ESP use of a variant of
of the Cipher Block Chaining (CBC) mode of the US Data Encryption
Standard (DES) algorithm [FIPS-46, FIPS-46-1, FIPS-74, FIPS-81].
This variant, known as Triple DES (3DES), processes each block of the
plaintext three times, each time with a different key [Tuchman79].
This document assumes that the reader is familiar with the related
document "Security Architecture for the Internet Protocol" [RFC-
1825], which defines the overall security plan for IP, and provides
important background for this specification.
1.1. Keys
The secret 3DES key shared between the communicating parties is
effectively 168-bits long. This key consists of three independent
56-bit quantities used by the DES algorithm. Each of the three 56-
bit subkeys is stored as a 64-bit (eight octet) quantity, with the
least significant bit of each octet used as a parity bit.
1.2. Initialization Vector
This mode of 3DES requires an Initialization Vector (IV) that is
eight octets in length.
Each datagram contains its own IV. Including the IV in each datagram
ensures that decryption of each received datagram can be performed,
even when other datagrams are dropped, or datagrams are re-ordered in
transit.
The method for selection of IV values is implementation dependent.
Notes:
A common acceptable technique is simply a counter, beginning with
a randomly chosen value. While this provides an easy method for
preventing repetition, and is sufficiently robust for practical
use, cryptanalysis may use the rare serendipitous occurrence when
a corresponding bit position in the first DES block increments in
exactly the same fashion.
Karn, et al Experimental
