[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re[2]: (Fwd) Authentication and encryption.
Date: Thu, 01 Sep 94 07:15:02
From: "Housley, Russ" <housley@spyrus.com>
Of course, this is correct. The tricky part is, as you say, "if
the encryption is strong and the probability of garbage passing the
integrity check is low enough." Xerox did some work in this area that
resuted in a little known DES mode - Cipher Block Chaining with Checksum
(CBCC). At the expense of one additional XOR per 64-bit data block, a sum
of the ciphertext data blocks is kept. Then, this sum is used in the
encryption (and decryption) of the final data block. CBCC ensures that
changes made to any ciphertext block impact the decrypted output of the
last block. If the last block contains an integrity check (like a CRC) or
a constant, then integrity can be checked with very little additional
overhead. Certainly much less overhead than MD5, epsecially if a constant
is used.
This sounds very similar to the PCBC mode that we used in version 4 of
Kerberos. Of course, our PCBC mode had the unfortunate property that
swapping two ciphertext blocks resulted in no change to subsequent
plaintext blocks.
~ Cliff
References: