[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bellovin's and Ashar's attacks

To: perry@imsi.com
Subject: Re: Bellovin's and Ashar's attacks
From: Danny.Nessett@eng.sun.com (Dan Nessett)
Date: Thu, 13 Apr 1995 09:35:05 -0700
Cc: ipsec@ans.net

Perry,

In response to my question :

>  > I'm not sure how an ESP protected
>  > packet can be demultiplexed by the IP layer, so it can be routed to
>  > the appropriate transport layer code, without first decrypting
>  > it.

you observe :

>  It can't. You decrypt it first and then pass it along with information
>  to the transport that indicates what the transform that had been used
>  for the encapsulation was before you unencapsulated the packet.

This seems to confirm my original point that the IP layer will have to
continually rekey in order to process arriving packets.

One implementation strategy that could improve performance would be to
devise (or use, if one already exists) a software version of DES that
accepts an expanded key schedule as well as a traditional 64/56 bit key.
Does anyone know if there are hardware version of DES that either accept
key schedules or allow more than one to be cached within a chip?

Dan

Prev by Date: Re: Bellovin's and Ashar's attacks
Next by Date: Re: Bellovin's and Ashar's attacks
Prev by thread: Re: Bellovin's and Ashar's attacks
Next by thread: Re: Bellovin's and Ashar's attacks
Index(es):
- Main
- Thread