[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: replay attacks
Hi Ran,
I would be willing to write up a privacy+integrity
transform based on DES + some flavor of keyed MD5.
My sense has been that these goals are best kept
architecturally orthogonal (i.e., one would use ESP + AH
protection if you expect privacy + authenticity), yet
there may be some benefits (e.g., slightly smaller total
packet length) if one treats the privacy + authenticity transform
as a single composite one.
Regarding replay detection: I suggest that,
rather than use as a sequence number the 16-bit reserved space of
the AH header (which would be a bit spare!) replay detection can
be handled by choosing a MAC mechanism which directly provides
that service. Indeed a 96-128 bit MAC has ample space to
directly incorporate replay detection, and one can "generically"
modify any (ordinary) Message Authentication mechanism into a new
one which protects against replays. The cost is making the
MAC some 32-64 bits longer, say.
Phil
Follow-Ups: