
Re: draft-ietf-ipsec-<many>-00.txt



> Now, we have to agree on which other transforms to write up!  I favor
> triple DES, and DES-CBC with CRC.

> Perry likes MD5 instead of CRC, but I think that the CRC would improve
> speed, and be good enough when encrypted afterward.

If you can XOR a specific pattern into the DES-CBC IV, on decrypting
the resultant plaintext has that pattern XORed into the first data
block.  Since the IV is longer than the CRC and I know the CRC
polynomial, I can choose an XOR pattern that is divisible by the
polynomial, and thus undetected by it.

Thus, I can make a large number of undetected changes (defined as XORs)
to the first 8 bytes of a message.  If I know what they are to start
with, I can possibly change them to desired values.

Is this a problem?

CBC is ciphertext[i] = encrypt(plaintext[i] ^ ciphertext[i-1]), so
plaintext[i] = ciphertext[i-1] ^ decrypt(ciphertext[i]), so
plaintext[0] = decrypt(ciphertext[0]) ^ IV.
-- 
	-Colin
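
The IV manipulation described in the message above, as an added example that is not part of the original post: a message with a CRC appended is CBC-encrypted, and an XOR pattern that is a multiple of the CRC polynomial is applied to the IV. Assumptions: the CRC is CRC-32 as computed by `zlib` (the thread names no specific CRC), `toy_block` is a constructed 64-bit Feistel stand-in for DES, and all function names are hypothetical.

```python
import hashlib, zlib

G = 0x104C11DB7   # CRC-32 generator (assumed; the post names no specific CRC)
BLOCK = 8         # 64-bit blocks, as in DES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block(key, blk, decrypt=False):
    """4-round Feistel permutation: constructed stand-in for DES, not DES."""
    f = lambda n, half: hashlib.sha256(key + bytes([n]) + half).digest()[:4]
    l, r = blk[:4], blk[4:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (xor(r, f(rnd, l)), l) if decrypt else (r, xor(l, f(rnd, r)))
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = toy_block(key, xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += xor(toy_block(key, ct[i:i + BLOCK], True), prev)
        prev = ct[i:i + BLOCK]
    return out

def seal(key, iv, msg):  # len(msg) + 4 must be a multiple of BLOCK
    return cbc_encrypt(key, iv, msg + zlib.crc32(msg).to_bytes(4, "little"))

def unseal(key, iv, ct):
    """Decrypt; return the message, or None when the CRC check fails."""
    pt = cbc_decrypt(key, iv, ct)
    return pt[:-4] if zlib.crc32(pt[:-4]).to_bytes(4, "little") == pt[-4:] else None

def iv_delta(q):
    """64-bit XOR pattern G*q over GF(2), for a 32-bit multiplier q."""
    d = 0
    for bit in range(32):
        d ^= (G << bit) * ((q >> bit) & 1)
    # zlib's CRC-32 takes each byte LSB-first, so mirror the bits per byte
    return bytes(int(f"{b:08b}"[::-1], 2) for b in d.to_bytes(8, "big"))

if __name__ == "__main__":  # constructed key, IV and message
    key, iv = b"k" * 8, b"i" * 8
    ct = seal(key, iv, b"constructed sample!!")
    print(unseal(key, xor(iv, iv_delta(0x1337)), ct))  # altered, yet accepted
```

Every nonzero 32-bit multiplier `q` yields a different pattern that the CRC accepts, while a pattern that is not a multiple of `G` (a single flipped bit, for instance) makes `unseal` return `None`.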

