
Re: new draft of my paper



	 At 10:11 PM 3/25/96 -0500, Steve Bellovin wrote:
	 >I normally wouldn't announce a new version of a draft paper this
	 >soon; however, David Wagner has found a fascinating new attack
	 >called the ``short block'' attack.  It's described in Section 3.8.
	 >The attack can recover read most user-to-host traffic on a large
	 >class of telnet sessions (though not all), using 2^8 known plaintext
	 >blocks and a simple active attack.  This attack can be defeated if AH
	 >is used outside of ESP, protecting the integrity of the encrypted
	 >message (i.e., IP-AH-ESP-TCP is safe); using AH inside of ESP is not
	 >safe.
	 
	 Excuse, please, my naivety, but to what extent would a compression before
	 encryption defeat known plaintext attacks?  It would seem that compression
	 could eliminate all known plaintext unless the plaintext was so long a block
	 to always get compressed the same way.

Compression would help, but perhaps not that much -- there's still the
IP header, the compression dictionary, any incompressible sections, etc.
2^8 blocks isn't that much, and because of the way CBC works even repeated
plaintext like IP header addresses will be different each time.
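
The CBC remark in the reply above, as an added example that is not part of the original message: the same uncompressed address block is encrypted in 2^8 packets with compressed payloads, once in ECB and once in CBC mode. The Feistel cipher is a constructed stand-in for a 64-bit block cipher (not DES), and the packet layout, key, addresses and payloads are assumptions made for the illustration.

```python
import hashlib
import os
import zlib

BLOCK = 8  # 64-bit block size, as with DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key, block):
    """8-round Feistel stand-in for a 64-bit block cipher (constructed, not DES)."""
    left, right = block[:4], block[4:]
    for rnd in range(8):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, _xor(left, f)
    return left + right

def encrypt(key, data, mode):
    """Encrypt data in 'ecb' or 'cbc' mode; returns (iv, list of ciphertext blocks)."""
    data += bytes(-len(data) % BLOCK)          # zero padding, illustration only
    iv = os.urandom(BLOCK)                     # fresh IV per packet (unused in ECB)
    prev, out = iv, []
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        if mode == "cbc":
            block = _xor(block, prev)          # chain in the previous ciphertext block
        prev = toy_block_encrypt(key, block)
        out.append(prev)
    return iv, out

# Constructed packet layout (not a real IPv4 header): an 8-byte counter,
# then 8 bytes of source/destination address, then the compressed payload.
ADDRS = bytes([192, 0, 2, 1, 192, 0, 2, 2])    # RFC 5737 documentation addresses

def address_blocks(key, payloads, mode):
    """Ciphertext block that covers ADDRS, one per packet."""
    result = []
    for seq, payload in enumerate(payloads):
        packet = seq.to_bytes(8, "big") + ADDRS + zlib.compress(payload)
        _, blocks = encrypt(key, packet, mode)
        result.append(blocks[1])               # block 1 holds ADDRS
    return result

KEY = b"constructed demo key"
PAYLOADS = [b"ls -l\r\n"] * 256                # 2^8 identical telnet-like payloads
print("distinct ECB address blocks:", len(set(address_blocks(KEY, PAYLOADS, "ecb"))))
print("distinct CBC address blocks:", len(set(address_blocks(KEY, PAYLOADS, "cbc"))))
```

Compression only touches the payload here; the address block stays known plaintext in every packet, and under CBC each packet encrypts it to a different ciphertext block.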

