
Re: comments on Photuris




> From ipsec-request@ans.net Mon Feb  6 17:17 PST 1995
> >While special purpose checks may prevent some of the scenarios I
> >described, I think it is a bad idea to proceed with a protocol that 
> >permits the kinds of scenarios that were described in my message.
>
> DES, 3DES, IDEA and most other conventional ciphers I know of have weak
> keys. I say we abandon conventional ciphers!
> 
> Seriously, though, bounds checking is needed almost whatever one does.

I think you misunderstood my intent. What I was trying to say was that 
these special cases were the symptom of a larger problem. The larger
problem is that if an adversary can steal one single signature
over a quantity whose discrete log it knows or can compute (in
the format that the protocol expects), then this is catastrophic to 
the protocol, because it allows unlimited impersonation thereafter.

This is a very dangerous edge to be sitting on.

Regards,
Ashar.
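The failure mode the message describes, as an added example that is not part of the original thread and not Photuris as specified: a simplified "sign your own DH exponential" handshake, with a Schnorr signature in the same group standing in for whatever signature scheme the protocol uses. The names (make_group, sign, verify, responder, demo), the 128-bit toy group, and the assumption that the adversary already holds one of Alice's signatures over g^a together with the exponent a are all constructed for the demonstration; how the adversary got them is the earlier scenario the message refers to and is not on this page.

```python
import hashlib
import random


def is_probable_prime(n, rounds=24):
    """Miller-Rabin; adequate for generating a demo group."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=128):
    """Safe prime p = 2q+1 and a generator of the order-q subgroup (toy size)."""
    while True:
        q = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # 4 = 2^2 is a non-trivial quadratic residue, so it has order q


def hash_to_int(*ints):
    m = hashlib.sha256()
    for v in ints:
        b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
        m.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(m.digest(), "big")


def keygen(grp):
    p, q, g = grp
    x = random.randrange(1, q)
    return x, pow(g, x, p)


def sign(grp, x, exponential):
    """Schnorr signature over the DH exponential alone: nothing ties it to a session."""
    p, q, g = grp
    k = random.randrange(1, q)
    e = hash_to_int(pow(g, k, p), exponential) % q
    return e, (k - e * x) % q


def verify(grp, y, exponential, sig):
    p, q, g = grp
    e, s = sig
    r = pow(g, s, p) * pow(y, e, p) % p
    return hash_to_int(r, exponential) % q == e


def exponential_in_bounds(p, v):
    """The special-purpose check the quoted reply alludes to: reject 1 and p-1,
    whose discrete logs (0 and q) everyone knows."""
    return 1 < v < p - 1


def responder(grp, signer_pub, signed_exp):
    """Bob: bounds-check and verify the peer's signed exponential, then reply
    with a fresh exponential and derive the session key."""
    p, q, g = grp
    exp_a, sig = signed_exp
    if not exponential_in_bounds(p, exp_a) or not verify(grp, signer_pub, exp_a, sig):
        return None
    b = random.randrange(1, q)
    return pow(g, b, p), pow(exp_a, b, p)


def demo(sessions=3):
    p, q, g = grp = make_group()
    alice_priv, alice_pub = keygen(grp)

    # One legitimate message from Alice.  ASSUMPTION (constructed): the
    # adversary captured it and also knows the exponent a behind it.
    a = random.randrange(1, q)
    stolen = (pow(g, a, p), sign(grp, alice_priv, pow(g, a, p)))

    # The bounds check does stop the degenerate exponential 1 ...
    degenerate = (1, sign(grp, alice_priv, 1))
    degenerate_rejected = responder(grp, alice_pub, degenerate) is None

    # ... but the stolen in-bounds message replays in every later session:
    # Bob accepts it under Alice's public key, and the adversary derives each
    # session key from the known log a without ever holding Alice's signing key.
    hijacked = 0
    for _ in range(sessions):
        reply = responder(grp, alice_pub, stolen)
        if reply is not None:
            exp_b, bob_key = reply
            if pow(exp_b, a, p) == bob_key:
                hijacked += 1
    return {"degenerate_rejected": degenerate_rejected,
            "sessions": sessions, "hijacked": hijacked}


if __name__ == "__main__":
    print(demo())
```

The bounds check rejects the degenerate value and nothing else; every session after the theft is hijacked because the signature binds only the exponential, not the session, so Bob has no way to tell a replayed exponential from a fresh one.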

