
Re: AH-MD5




Hilarie Orman says:
> The security provided to IP depends on the MD5 algorithm.  The security
> of the MD5 algorithm depends on the structure of the IP datagram.  This
> is a dependency loop, the sort of thing that one tries to avoid in
> secure software design.

If MD5 is a strong hash algorithm, then it should be impossible for an
attacker to produce another text that has the same hash. That means
that it should be impossible for an attacker to replace contents of
the packet -- including the length -- without it being noticed. The
attacker could replace the hash, but without knowing the key that
should not be possible. The attacker could steal the packet and
replace it with one with an extension of the plaintext and a hash
derived from the original hash by extension, but then they would have
to hack the length. If anyone can concretely think of something we
haven't thought of here, please mention it.

.pm

