[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: weak devices

To: bsimpson@morningstar.com
Subject: Re: weak devices
From: " " <amir@watson.ibm.com>
Date: Thu, 12 Jan 1995 12:36:40 -0500
Cc: IPSEC@ans.net
In-Reply-To: Your message of "Wed, 11 Jan 1995 11:48:58 GMT." <3676.bill.simpson@um.cc.umich.edu>


Bill,

Are you concerned about the single MD5 operation req' to
check against clogging attack? (the many MD5 operations
are req' for the initiator of the communication so are
not subject to clogging attacks)

My belief is that doing an MD5, or a few multiplications as in MKMP and Jim's
proposals, is something you should
be able to do even under clogging, since they are
comparable work to the processing of packets.

Photuris cookies provide anti-clogging protection which does not expose
anonymity. I think this is their plus.
As usual, we have to consider the tradeoffs and decide.
It is not black vs white.

Best, Amir

> > OK, then why were we discussing how fast or slow MD5 is on those
> > trusted but underpowered machines?
> >
> Because the modular exponentiation is done only once every few hours or
> days.
>
> The MD5 (as opposed to Photuris cookies) is to prevent clogging attacks
> many times a second.  You can't prevent clogging attacks with an
> algorithm that clogs the machine!
>
> Bill.Simpson@um.cc.umich.edu

References:

Re: weak devices

From: "William Allen Simpson" <bill.simpson@um.cc.umich.edu>

Prev by Date: Re: weak devices
Next by Date: Where is IPSP?
Prev by thread: Re: weak devices
Next by thread: Re: weak devices
Index(es):
- Main
- Thread