[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clogging attacks on SKIP

To: karn@unix.ka9q.ampr.org (Phil Karn)
Subject: Re: Clogging attacks on SKIP
From: uri@watson.ibm.com
Date: Thu, 5 Jan 1995 11:16:03 -0500 (EST)
Cc: amir@watson.ibm.com, ashar@osmosys.incog.com, Ashar.Aziz@eng.sun.com, ipsec@ans.net
In-Reply-To: <199501051120.DAA08766@unix.ka9q.ampr.org> from "Phil Karn" at Jan 5, 95 03:20:12 am
Reply-To: uri@watson.ibm.com

Phil Karn says:
> >  MD5(IPaddresses, time, counter, x)
> As I said when you described this to me in my office on your visit,
> this *is* a really neat trick.
> But I see a problem. We ideally want our KM protocol to be useable on
> a very wide range of CPUs, from palmtops up through Crays.........
> ...................especially when you consider that MD5
> is highly optimized for 32-bit machines and doesn't run nearly as fast
> on a 16-bit 8088 class palmtop.

Phil, you're perfecgly correct, but shouldn't we draw a line somewhere?
Like there might be Z80 CPUs,  but we don't really expect users to run
the stuff on those...  And there are Crays around, but we don't really
plan everybody to upgrade to Crays in the near future?  8088 chips are
nice, but aren't thy going away real fast?

There are two ways, as far as I see. One is to use MD5, and if somebody
insists on running the code on 8088 - tough. The other is - to define a
choice of hash-functions, so users of the "challenged" CPUs will be
able to select the one suitable for them (negotiable parameter).
--
Regards,
Uri         uri@watson.ibm.com      N2RIU
-----------
<Disclamer>

Follow-Ups:

Re: Clogging attacks on SKIP

From: Phil Karn <karn@unix.ka9q.ampr.org>

References:

Re: Clogging attacks on SKIP

From: Phil Karn <karn@unix.ka9q.ampr.org>

Prev by Date: Re: Clogging attacks on SKIP
Next by Date: Re: Clogging attacks on SKIP
Prev by thread: Re: Clogging attacks on SKIP
Next by thread: Re: Clogging attacks on SKIP
Index(es):
- Main
- Thread