[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How many algorithms per SA/Transform?

To: Dan.McDonald@Eng.sun.com (Dan McDonald)
Subject: Re: How many algorithms per SA/Transform?
From: "Angelos D. Keromytis" <angelos@aurora.cis.upenn.edu>
Date: Mon, 03 Mar 1997 18:18:30 +0000
Cc: ipsec@tis.com
In-Reply-To: Your message of "Mon, 03 Mar 1997 14:06:22 PST." <199703032206.OAA29233@kebe.eng.sun.com>
Posted-Date: Mon, 03 Mar 1997 18:18:30 +0000
Sender: owner-ipsec@ex.tis.com

-----BEGIN PGP SIGNED MESSAGE-----


In message <199703032206.OAA29233@kebe.eng.sun.com>, Dan McDonald writes:
>
>It's a question that I personally think the answer to is, "no".  I can't
>think of any good case (save perhaps protecting headers with one algorithm,
>and the data with another...) where you'd need more than one algorithm of
>each type in a single association.
>

One could also have a mixed algorithm; instead of 3-DES, use DES for
first round, blowfish for second, etc...i can see this used for 2
reasons:
a) DES/Blowfish would be faster than 3-DES, more secure than 2-DES,
and prevent the DES keysearch problem (Blowfish/DES wouldn't
prevent that however - assuming the same key was used for both algorithms).
b) Use a stream cipher and then DES (or the other way around) to
obscure known-plaintext analysis.
- -Angelos



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMxtcRb0pBjh2h1kFAQEiCgQAjFgD5vxqdmK2ffDUTI8Lv9R86SY4pFbR
PoDjUH2gNAMrg1p5q1PvU3hF49yFbxY8TfNvKo5n9xo46OFOC2Z6RHIdUOKMVBPN
WiiMCZ4VR482vkzzfp7/apOnE8PmJTbcxEtS4PejmBhZ/xvYn+nIXkZmeP4jObnL
1rpxCEkh2Rk=
=yeYy
-----END PGP SIGNATURE-----

References:

How many algorithms per SA/Transform?

From: Dan.McDonald@Eng.sun.com (Dan McDonald)

Prev by Date: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
Next by Date: How many algorithms per SA/Transform?
Next by thread: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
Index(es):
- Main
- Thread