[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to authenticate ESP (was risks of MACs)



: Date: Tue, 31 Jan 1995 21:05:20 -0500
: From: "Perry E. Metzger" <perry@imsi.com>
: 
: Right now, I'm still wondering which of two approaches to take in my
: next draft:
: 
: 1) [IP Header][SAID][keyed MD5 of whole (encrypted) packet][3DES protected]
: 
: 2) [IP Header][SAID][[MD5 Hash] 3DES Protected]
: 
: Opinions, folks?
: Perry

Since both aproaches are 'generic' the time till all the documents are
done is about the same.

But the second has the potential advantage of being faster.  (Only for
carefully chosen <non-cryptographic check sum, cypher> pairs like
<CRC+{{DES,3DES,IDEA...}CFB}>.).  It has the potential disadvantage of
being in-effective (Bit flipping attacks on <CRC+{...}OFB>).

j'


References: