
Re: Bellovin's and Ashar's attacks



Ashar,

While it is theoretically true that:

>  The implementation scenarios where this might be problematic
>  is if there is crypto-hardware where key setup may take
>  a while. Also, this is problematic if the cipher has
>  a naturally long key-setup overhead. This isn't the case
>  for a software implementation of DES-CBC.
>  

I don't think this is going to be a factor in practice. Since encryption is
taking place at the IP layer, there can be no expectation that rekeying will
not occur on each packet. IP packets can be coming from all over the place
and will produce a jumble. Any ESP implementation will have to deal with
frequent rekeying, although some operational environments may not require
it, e.g., where a machine is encrypting traffic to only one other machine.

Dan

