[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A hole in esp-stream-01

To: "Angelos D. Keromytis" <angelos@coredump.cis.upenn.edu>
Subject: Re: A hole in esp-stream-01
From: Germano Caronni <caronni@tik.ee.ethz.ch>
Date: Thu, 24 Oct 1996 19:31:21 +0200 (MET DST)
Cc: ipsec@TIS.COM
In-Reply-To: <9610241722.AA77338@aurora.cis.upenn.edu> from "Angelos D. Keromytis" at Oct 24, 96 01:21:44 pm
Sender: ipsec-approval@neptune.tis.com

Angelos D. Keromytis wrote:
> He doesn't need to fix the chaining for the rest of the packet; he'll
> get the target to remove the encryption, and then he can fix the
> chaining himself, since he knows both the original
[...]
> The problem is that the chaining and the encryption algorithm commute (sp ?).

I agree. This problem is valid if the decrypting entity does not check for
integrity. (I assumed this check would take place.)
We are back to square one: Add a *fast* MAC to stream ciphers.

Germano

Prev by Date: Re: A hole in esp-stream-01
Next by Date: Revised suggestion for ESP 3DES MD5 document
Prev by thread: Re: A hole in esp-stream-01
Next by thread: RE: A hole in esp-stream-01
Index(es):
- Main
- Thread