[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A hole in esp-stream-01

To: "Angelos D. Keromytis" <angelos@aurora.cis.upenn.edu>
Subject: Re: A hole in esp-stream-01
From: Germano Caronni <caronni@tik.ee.ethz.ch>
Date: Thu, 24 Oct 1996 16:51:51 +0200 (MET DST)
Cc: ipsec@TIS.COM
In-Reply-To: <199610240149.VAA06155@coredump.cis.upenn.edu> from "Angelos D. Keromytis" at Oct 23, 96 09:49:20 pm
Sender: ipsec-approval@neptune.tis.com

Angelos D. Keromytis wrote:
> 
> So, he'll get P(i) + K(i-1)...he can recursively break this, starting
> from the first ciphertext unit (bit or byte, depending on the
> algorithm) and working towards the end of the packet.

This works only if he knows the contents of the whole packet. And
in that case, he can create a bgous one all by himself... He can not 'break'
it, he can just try to fix the chaining for the part of the packet he knows.
And if he does not know the whole packet, he can not fix the whole packet?

Germano

Posted-Date: Thu, 24 Oct 1996 13:21:44 -0400
Message-Id: <9610241722.AA77338@aurora.cis.upenn.edu>
To: Germano Caronni <caronni@tik.ee.ethz.ch>
Cc: ipsec@TIS.COM
Subject: Re: A hole in esp-stream-01 
In-Reply-To: Your message of "Thu, 24 Oct 1996 16:51:51 +0200."
             <199610241451.QAA10704@kom30.ethz.ch> 
Date: Thu, 24 Oct 1996 13:21:44 -0400
From: "Angelos D. Keromytis" <angelos@coredump.cis.upenn.edu>
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----


In message <199610241451.QAA10704@kom30.ethz.ch>, Germano Caronni writes:
>This works only if he knows the contents of the whole packet. And
>in that case, he can create a bgous one all by himself... He can not 'break'
>it, he can just try to fix the chaining for the part of the packet he knows.
>And if he does not know the whole packet, he can not fix the whole packet?

He doesn't need to fix the chaining for the rest of the packet; he'll
get the target to remove the encryption, and then he can fix the
chaining himself, since he knows both the original
plaintext/ciphertext and the changed plaintext/ciphertext for the
begining of the packet and then he can fix the remainder of it one
bit/byte at a time.

The problem is that the chaining and the encryption algorithm commute (sp ?).
- -Angelos
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMm+lp70pBjh2h1kFAQGz4QP9GB/a/Nhon/QZmTPJriac7WpQifT5nMwU
dakifDbjUVMHhypJXMUKfQI6Z/pQ+h+WocNsg7peBBWQWr4067M4yEXexaZNBPhh
Tw+2trdqznTsyPx1XzMfLQwU7zqltNtY/8S6U6sJwKXFnOD+jDg4cRg3mpbEy5oz
tzPuI+iKUS4=
=Uwt8
-----END PGP SIGNATURE-----

Prev by Date: Re: Suggestion for ESP 3DES MD5 document
Next by Date: Re: A hole in esp-stream-01
Prev by thread: Re: A hole in esp-stream-01
Next by thread: Re: A hole in esp-stream-01
Index(es):
- Main
- Thread