
Re: Results of quick survey



	 Phil Karn says:
	 > One point about the relative ordering of authentication and encryption.
	 > Even though I can now do DES pretty fast, it's still true that if you
	 > wrap encryption outside authentication then you still have to perform
	 > both algorithms to determine that the packet is bogus.
	 
	 On the other hand, it is considered best to authenticate the
	 "final result" data, which is the plaintext. For "proving"
	 that this encrypted data was "kosher" strictly speaking,
	 is NOT equivalent to "proving" that the decrypted data
	 is what was sent (i.e. it may decrypt to different
	 things under different keys and so on)...
	 
	 Do we care? [I understand your concern about performance.]

The problem with putting the authentication check on the inside is that
the short-block guessing attack can be used.

I'm not at all convinced, though, that denial-of-service is worth
worrying about here.  Or rather, it is a problem, and a serious one,
but it would happen either way; it's very cheap for the attacker to
generate the packets and expensive for you to detect them, whichever
tack you take.
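
An added example, not part of the original message: the two orderings discussed in this thread, with the receiver recording which algorithms it had to run before accepting or rejecting a packet. The function names, keys and sample packets are constructed for illustration, and a SHA-256 keystream stands in for DES so the code runs with the standard library only.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream, no nonce); illustrative only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

# Ordering 1: authentication wrapped outside encryption (tag covers ciphertext).
def seal_auth_outside(enc_key, auth_key, plaintext):
    ct = stream_xor(enc_key, plaintext)
    return ct + mac(auth_key, ct)

def open_auth_outside(enc_key, auth_key, packet, ops):
    ct, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    ops.append("mac")
    if not hmac.compare_digest(tag, mac(auth_key, ct)):
        return None                      # rejected before any decryption
    ops.append("decrypt")
    return stream_xor(enc_key, ct)       # tag said nothing about enc_key

# Ordering 2: encryption wrapped outside authentication (tag covers plaintext).
def seal_enc_outside(enc_key, auth_key, plaintext):
    return stream_xor(enc_key, plaintext + mac(auth_key, plaintext))

def open_enc_outside(enc_key, auth_key, packet, ops):
    ops.append("decrypt")                # must decrypt to find the tag
    inner = stream_xor(enc_key, packet)
    pt, tag = inner[:-TAG_LEN], inner[-TAG_LEN:]
    ops.append("mac")
    if not hmac.compare_digest(tag, mac(auth_key, pt)):
        return None
    return pt

if __name__ == "__main__":
    ek, ak = b"E" * 16, b"A" * 16        # constructed keys
    bogus = bytes(64)                    # constructed forged packet
    for name, opener in (("auth outside", open_auth_outside),
                         ("enc outside", open_enc_outside)):
        ops = []
        print(name, opener(ek, ak, bogus, ops), ops)
```

With the tag over the ciphertext, a receiver holding the wrong decryption key still passes the check and gets different plaintext back, which is the objection raised in the quoted reply; with the tag over the plaintext that case is rejected, at the cost of running both algorithms on every bogus packet.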