Re: Proposed changes to ESP (and a little AH too)

Crypto people, am I the only one who is not 100% comfortable with
this order of the operations? Can *you* think of an attack? What
would be the assumptions for such an attack to succeed?

Kent's approach defeats Wagner's short-block guessing attack (described
in my paper ftp://ftp.research.att.com/dist/smb/badesp.ps). This is
precisely because it does protect the ciphertext.

My discomfort is due solely to the fact that I want these transforms
standardized *now*. Anything that delays them is no good.