In my opinion the following can be implemented with little change to CIPE.
The changes involved should be clearly auditable and should carry little risk
of introducing bugs.
1. Choice of checksum (via options). There is an open source version of MD5
which is old enough to be accepted. Some may complain about MD5, or about not
having a signed checksum. In the light of the possible attack we are trying
to defend against, MD5 is perfectly adequate, requires low computational
effort and no extra key material.
2. Disable static key for data exchange (via options).
3. Do not identify static key use in the IV (via options). This will involve
an extra decryption step if the dynamic key decryption fails.
4. Choice of padding (via options). The following should be allowed:
4.0 As now.
4.1 Fixed maximum packet size (i.e. MTU)
4.2 Fixed minimum packet size (i.e. all packets shorter than this are padded
to this length)
4.3 In combination with the above: modulo 8 or 16 bytes.
As a side note I have not looked into what effect (4) will have as regards
the demands it places on the random number generator used in CIPE. It will
certainly require a whole lot more random bytes. On this basis we may want to