
Re: keyed-MD5 placement of secret




hugo@watson.ibm.com says:
> Exactly! This is why you want an authentication function whose security
> is independent of the particular usage/scenario/assumptions.

You are asking that we prepend the length to packets that already
specify their length at a fixed location.  I don't understand why we
need that. The specification is "keyed MD5 with length at a fixed
point in the packet to prevent appending attacks". We've got that. I
see no cryptographic reason to include the length twice -- the two are
identical. From a software engineering standpoint there is no reason
that I can see, either -- there is no code sharing between the kernel
and your SNMP implementation, for instance.

Remember that no security function can operate for all possible
scenarios. Our security function works fine for our scenario.

Perry
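
An added example, not part of the original message or of any implementation discussed in the thread: a receiver that checks a length field at a fixed offset before checking a keyed MD5 tag, so appended bytes are rejected. The prefix key placement, the 4-byte header layout, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

LEN_OFFSET = 2   # assumed fixed position of the 16-bit total-length field
HDR_LEN = 4      # assumed header: 2 bytes type, 2 bytes total length


def keyed_md5(key: bytes, packet: bytes) -> bytes:
    # Assumed construction: secret placed before the packet (prefix keying).
    return hashlib.md5(key + packet).digest()


def build_packet(ptype: int, payload: bytes) -> bytes:
    return struct.pack("!HH", ptype, HDR_LEN + len(payload)) + payload


def verify(key: bytes, packet: bytes, tag: bytes) -> str:
    """Return 'ok', 'bad-length' or 'bad-mac' for a received packet."""
    if len(packet) < HDR_LEN:
        return "bad-length"
    (declared,) = struct.unpack_from("!H", packet, LEN_OFFSET)
    # The length field is part of the authenticated bytes, so data appended
    # after the original packet leaves it stating the original length.
    if declared != len(packet):
        return "bad-length"
    if not hmac.compare_digest(keyed_md5(key, packet), tag):
        return "bad-mac"
    return "ok"


def demo() -> dict:
    key = b"constructed-demo-key"          # constructed sample values
    pkt = build_packet(1, b"set x=1")
    tag = keyed_md5(key, pkt)
    # Worst case for the receiver: a tag that is valid for the longer byte
    # string. It is computed with the key here only to model that case.
    longer = pkt + b";set y=2"
    longer_tag = keyed_md5(key, longer)
    # Rewriting the length field to match alters bytes that were already hashed.
    patched = longer[:LEN_OFFSET] + struct.pack("!H", len(longer)) + longer[HDR_LEN:]
    return {
        "original": verify(key, pkt, tag),
        "appended": verify(key, longer, longer_tag),
        "patched_length": verify(key, patched, longer_tag),
    }
```
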

