
Re: Proposed changes to ESP (and a little AH too)



Lewis,

	It is true that moving the counter and the HMAC outside of the
encryption boundary does remove a source of unpredictable plaintext from
the message.  However, the HMAC is at the end of the message, and the use
of an IV in feedback modes is designed to provide an unpredictable starting
point for the encryption process.  If the contents of the message are
predictable, as suggested, then there typically will be enough plaintext to
support a known plaintext attack irrespective of the positioning of the
counter value.  See Steve Bellovin's recent paper (in the Proceedings of
the Symposium on Network and Distributed System Security, Feb 97) analyzing
such attacks in a typical IP/TCP context.

Steve



