[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Replay protection with Manual keying
Naganand Doraswamy wrote:
> Are we right in saying that one should not use
> replay protection with manual keying?
>
> manual keying, the SA'a are static. The only way to avoid this is to keep
> track of the sequence number and make it persistent.
>
> Comments?
Right. This problem also appears in esp-stream-01, and we came to the same
conclusion. If you use replay protection, you rely on rather frequent (e.g.
once every 5 minutes) key changes to allow for resynchronisation. The
obvious alternative is not to do replay protection.
Friendly greetings,
Germano
From: Steve Bellovin <smb@research.att.com>
To: ipsec@TIS.COM
Subject: new paper
Date: Thu, 05 Sep 1996 19:23:35 -0400
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk
Message-ID: <9609060729.aa02154@neptune.TIS.COM>
Folks on this mailing list may be interested in a new draft paper of mine:
Probable Plaintext Cryptanalysis of the IP Security Protocols
The Internet Engineering Task Force (IETF) is in the process
of adopting standards for IP-layer encryption and authentication
(IPSEC). We describe how ``probable plaintext'' can be
used to aid in cryptanalytic attacks, and analyze the
protocol to show how much probable plaintext is available.
We also show how traffic analysis is a powerful aid to the
cryptanalyst. We conclude by outlining some likely changes
to the underlying protocols that may strengthen them against
these attacks.
It's available from ftp://ftp.research.att.com/dist/smb/probtxt.ps
References: