
compression, privacy, and authenticity transforms



Ref:  Your note of Mon, 08 May 95 18:07:00 (attached)


 >
 > I strongly disagree.  We can take advantage of the properties of the
 > encryption algorithm and mode to reduce the requirements on the complexity
 > of the integrity mechanism iff the integrity check value is protected by
 > the encryption.  This also means that one key can be used to provide
 > confidentiality and integrity.
 >
 > The reduced computation and reduced key management complexity make this
 > type of combination very attractive.
 >
 > Russ
 >

Russ, can you explain *exactly* how you are going to take advantage of the
compression together with encryption in order to provide for a *secure*
integrity check?

This issue of using key-less algorithms (CRC, non-cryptographic checksums,
etc.) to provide integrity was extensively discussed in the past
in this WG and fortunately abandoned due to the existing evidence that
these schemes are insecure.
This new (?) idea of using compression with encryption for that purpose
is as unacceptable as the above ones.

Hugo

PS: For some examples of the vulnerabilities of the key-less approach,
see mail by Colin Plumb to this list on Jan 16, 1995,
and the papers by Jueneman, Matyas and Meyer, "Message Authentication",
IEEE Comm. Magazine, Vol 23, No.9, 9/85, pp. 29-40, and the more recent
paper by Stubblebine and Gligor in Oakland Conference, 1992.
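
Added example, not part of the original message or of any code from the thread: a receiver-side comparison of a key-less CRC-32 check value carried under encryption with a keyed HMAC, showing which one notices a ciphertext that was modified in transit. It assumes an XOR-based keystream mode (the thread does not name an algorithm or mode); the toy SHAKE-256 keystream, the function names and the sample message are all constructed for illustration.

```python
import hashlib, hmac, zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, n: int) -> bytes:
    # Toy keystream (assumption): SHAKE-256 output stands in for an XOR-based cipher mode.
    return hashlib.shake_256(key).digest(n)

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "big")

def seal_crc(key: bytes, msg: bytes) -> bytes:
    # Key-less check value appended, then message and CRC encrypted with the one key.
    pt = msg + crc(msg)
    return xor(pt, keystream(key, len(pt)))

def open_crc(key: bytes, ct: bytes):
    pt = xor(ct, keystream(key, len(ct)))
    msg, icv = pt[:-4], pt[-4:]
    return msg if crc(msg) == icv else None

def seal_hmac(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    # Keyed check: HMAC-SHA256 over the ciphertext, using a separate key.
    ct = xor(msg, keystream(enc_key, len(msg)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_hmac(enc_key: bytes, mac_key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return xor(ct, keystream(enc_key, len(ct))) if hmac.compare_digest(tag, expected) else None

def keyless_mask(delta: bytes) -> bytes:
    # CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros),
    # so the change to the check value follows from delta alone, with no key.
    return delta + xor(crc(delta), crc(bytes(len(delta))))

def demo():
    msg = b"PAY 0100 TO ALICE"                  # constructed sample message
    delta = xor(msg, b"PAY 9900 TO ALICE")      # constructed in-transit modification
    k1, k2, k3 = b"constructed-key-1", b"constructed-key-2", b"constructed-key-3"
    via_crc = open_crc(k1, xor(seal_crc(k1, msg), keyless_mask(delta)))
    via_hmac = open_hmac(k2, k3, xor(seal_hmac(k2, k3, msg), delta + bytes(32)))
    return via_crc, via_hmac

if __name__ == "__main__":
    print(demo())
```

The CRC receiver accepts the altered message as valid, while the HMAC receiver returns None for the same modification.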