Null Encryption

There is a Null Encryption Algorithm supported by IPsec, which you can use to encrypt IPsec packets, and I had a lot of fun reading its RFC yesterday. As you may have already guessed from its name, what it does is nothing. If you wonder how someone could have written a document of 1400+ words specifying something that literally does nothing, then I suggest that you read RFC 2410. Here are some bits and pieces from the document:

NULL is a block cipher the origins of which appear to be lost in antiquity.  Despite rumors that the National Security Agency suppressed publication of this algorithm, there is no evidence of such action on their part. Rather, recent archaeological evidence suggests that the NULL algorithm was developed in Roman times, as an exportable alternative to Ceaser ciphers. However, because Roman numerals lack a symbol for zero, written records of the algorithm’s development were lost to historians for over two millennia.

Like other modern ciphers, e.g., RC5 [RFC-2040], the NULL encryption algorithm can make use of keys of varying lengths.  However, no measurable increase in security is afforded by the use of longer key lengths.

The NULL encryption algorithm combines many of the best features of both block and stream ciphers, while still not requiring the transmission of an IV or analogous cryptographic synchronization data.

The NULL encryption algorithm is significantly faster than other commonly used symmetric encryption algorithms and implementations of the base algorithm are available for all commonly used hardware and OS platforms.

The following is a set of test vectors to facilitate in the development of interoperable NULL implementations.

test_case =      1
data =           0x123456789abcdef
data_len =       8
NULL_data =      0x123456789abcdef

test_case =      2
data =           "Network Security People Have A Strange Sense Of Humor"
data_len =       53
NULL_data =      "Network Security People Have A Strange Sense Of Humor"

For purposes of IKE [IKE] key extraction, the key size for this algorithm MUST be zero (0) bits, to facilitate interoperability and to avoid any potential export control problems.

At the time of this writing there are no known laws preventing the exportation of NULL with a zero (0) bit key length.
