[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AH-MD5

To: perk@watson.ibm.com (Charlie Perkins)
Subject: Re: AH-MD5
From: "Perry E. Metzger" <perry@imsi.com>
Date: Wed, 25 Jan 1995 19:27:42 -0500
Cc: ipsec@ans.net
In-Reply-To: Your message of "Wed, 25 Jan 1995 17:00:29 EST." <9501252200.AA38973@hawpub1.watson.ibm.com>
Reply-To: perry@imsi.com


Charlie Perkins says:
> Say we have two protocols -- IP, and XXP.  XXP was invented in 1999.
> Just by coincidence that nobody thought of, it is possible with
> protocol XXP to cause a packet to emerge that looks like a valid
> IP packet (but isn't) and seems to have a long IP length field.
> Then the resulting XXP packet, authenticated with an MD5 checksum,
> may be vulnerable to a variety of append attack to "fill out" the
> rest of the "pretend-IP" packet to be something dangerous.

I don't understand how this exploit works. Could you explain it in
more detail? Wouldn't exploiting this require that the attacker steal
the MD5 key somehow? After all, you wouldn't normally be
authenticating an XXP packet with the same key that you'd be using for
some arbitrary IP connection (or at least, you'd have only a tiny
chance of doing so -- no greater a chance than of using the same MD5
key for two arbitrary IP SAIDs).

Perry

References:

Re: AH-MD5

From: perk@watson.ibm.com (Charlie Perkins)

Prev by Date: Re: keyed-MD5 placement of secret
Next by Date: Re[2]: AH-MD5
Prev by thread: Re: AH-MD5
Next by thread: Re[2]: AH-MD5
Index(es):
- Main
- Thread