[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (Fwd) Authentication and encryption.

To: "James P. Hughes" <hughes@hughes.network.com>
Subject: Re: (Fwd) Authentication and encryption.
From: Steve Kent <kent@BBN.COM>
Date: Wed, 31 Aug 94 12:23:12 -0400
Cc: ipsec@ans.net
In-Reply-To: Your message of Wed, 31 Aug 94 10:44:38 -0500. <9408311044.ZM18109@hughes.network.com>

Jim,

	I think what Uri may have had in mind was someting like the
TCP checksum.  In the IPSP model, that checksum would be computed on
plaintext and then the checksum and the plaintext on which it was
computed would be encrypted.  If one used OFB encryption, an attacker
could easily modify the ciphertext in a fashion that the resulting
plaintext changes would be invarient under the checksum.  However, use
of an encryption mode such as CBC makes this sort of attack more
diffcult (if the attacker doesn't posses the key).

Steve

References:

Re: (Fwd) Authentication and encryption.

From: hughes@hughes.network.com (James P. Hughes)

Prev by Date: IPSEC requirements
Next by Date: Re: (Fwd) Authentication and encryption.
Prev by thread: Re: (Fwd) Authentication and encryption.
Next by thread: Re: (Fwd) Authentication and encryption.
Index(es):
- Main
- Thread