[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-ietf-ipsec-<many>-00.txt

To: housley@spyrus.com, perry@imsi.com
Subject: draft-ietf-ipsec-<many>-00.txt
From: hugo@watson.ibm.com
Date: Tue, 17 Jan 95 18:22:19 EST
Cc: ipsec@ans.net

Ref:  Your note of Tue, 17 Jan 95 13:54:38 (attached)


 >
 > > One legitimate question, of course, might be whether or not we'd be
 > > better off with a DES MAC, on the premise that we could gain some
 > > performance that way since we are already DES walking the entire packet
 > > anyway...
 >
 > I do not recall the source, but my recollection is that it is not a good idea to
 > use DES MAC and DES CBC with the same key.  If you use two different keys, ont
 > fro DES MAC and one for DES CBC, then there are no security concerns.  Of couse,
 > this raises some performance concerns.
 >
 > Russ


Using CBC and MAC with the same key is clearly insecure (except if I
misunderstand what you mean by this).
DES-MAC is defined as the last block (or bits) of the encryption under CBC.
Therefore, by using the same key,
your authentication results in repeating the last block of the
ciphertext, but then changing the ciphertext to *anything* and then
appending the last (possibly modified) block as checsum will be undetected.

Notice that appending the MAC to the message and encrypting this MAC
together with the rest will not help: you'll be always appending a fixed
value: DES(0)!

Hugo

Prev by Date: draft-ietf-ipsec-ah-md5-00.txt
Next by Date: Re: draft-ietf-ipsec-ah-md5-00.txt
Prev by thread: draft-ietf-ipsec-<many>-00.txt
Next by thread: triple DES
Index(es):
- Main
- Thread