[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internet Protocol Security Protocol (ipsec)

To: Bob Smart <smart@mel.dit.csiro.au>
Subject: Re: Internet Protocol Security Protocol (ipsec)
From: Steve Kent <kent@BBN.COM>
Date: Wed, 30 Jun 93 10:29:28 -0400
Cc: ipsec@ans.net
In-Reply-To: Your message of Tue, 29 Jun 93 09:44:45 +1000. <9306282344.AA04590@squid.mel.dit.CSIRO.AU>

Bob,

	Sorry I used a term not everyone is familiar with.
Unpredictable error propogation implies that a change to the
ciphertext manifests itself as a change to some number of plaintext
bits, where the precise number and location of the modified plaintext
bits is not predictable by the attacker.  It does not imply that all
subsequenc bits in a message, data stream , etc. are trashed (to use a
technical term).  For example, using the DES in CBC mode provide
unpredictable error propogation that is bounded by the 64-bit block
size of the underlying cipher codebook.  A change to a bit of
ciphertext results in an average of 32 bits being changed in the
underlying plaintext.  The region in which these 32 bits will be
changed is precictable, but the exact bits that are changes is not.
This makes it very hard for an attacker to modify ciphertext in a
fashion that is not detectable by a the reciver of the plaintext,
assuming good choices of error detection codes.

Hope this helps,

Steve

References:

Re: Internet Protocol Security Protocol (ipsec)

From: Bob Smart <smart@mel.dit.csiro.au>

Prev by Date: Reorganized NLSP
Prev by thread: Re: Internet Protocol Security Protocol (ipsec)
Next by thread: Re: Internet Protocol Security Protocol (ipsec)
Index(es):
- Main
- Thread