
Re: Sequence Number



-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Rob" == Rob Adams <adams@cisco.com> writes:
    Rob> Zero protects against covert channels. It is easy to set for
    Rob> senders who care and who don't. It is easy to test for
    Rob> receivers that care about covert channels, and just as easy
    Rob> to ignore as anything else for those receivers that don't.

  Frankly, I sort of like the self-describing padding, but I'm not
picky. I realize that it is easier to just init the buffer to zeros
(which is probably already done), overwrite, and insert pad
length/payload.  

    Rob> So, unless we find any cryptographic reasons for not using
    Rob> zero for the pad, I would suggest we require the pad MBZ.

  Well, it does increase the amount of known plaintext. One
nice thing about the self-describing padding is that it isn't
the same.

  Also recall that, in CBC mode, the IV for the next packet likely
comes from the ciphertext of the last block.

  In the case of payloads that are multiples of 64 bits (think v6),
the last 8 bytes are:
	0 0 0 0 0 0 7 <payload type>  [likely IPPROTO_TCP, UDP or IP]
  So, the IV for the next packet comes from the ciphertext of the
previous block, the key and this known plaintext. Maybe this is a
vulnerability, maybe not: I'm not a cryptographer.
  This isn't really an argument for self-describing padding, because
in this special case we get:
	1 2 3 4 5 6 7 <payload type>

  Note, the amount of padding is itself a covert channel.

]                 The sun rarely sets on Helsinki               | one quark   [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    | two quark   [
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ | red q blue q[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQB1AwUBM8j468mxxiPyUBAxAQFTbQMAnf+H8nlPJN8tUUeQF5E+cX3Qn6ukkN0w
tESKzRxz++l2T2aoyHjm6kKUABXLdp91dQybnJO0lRjj4FfN+sIZnviu7UbPOYiN
rrS+10iBj5VTv+nDiN35IFAY2EvEhF+D
=j41H
-----END PGP SIGNATURE-----
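
The two trailer layouts compared in the message, with the receiver-side test Rob describes, as an added example that is not part of the original post. The function names are hypothetical, and the pad-length value (pad count plus one) is an assumption read off the byte listings in the message.

```python
BLOCK = 8          # 64-bit cipher block, as in the message
IPPROTO_TCP = 6    # payload type used for the constructed samples

def _pad(npad, scheme):
    """Pad bytes for a scheme: all zero (MBZ) or self-describing 1, 2, 3, ..."""
    if scheme == "zero":
        return bytes(npad)
    if scheme == "self":
        return bytes(range(1, npad + 1))
    raise ValueError("unknown padding scheme: " + scheme)

def build_trailer(payload_len, payload_type, scheme):
    """Return pad bytes + pad-length byte + payload-type byte."""
    # Fewest pad bytes that make payload + trailer a multiple of BLOCK.
    npad = -(payload_len + 2) % BLOCK
    # Assumption: the length byte is npad + 1, matching "0 0 0 0 0 0 7"
    # and "1 2 3 4 5 6 7" in the message.
    return _pad(npad, scheme) + bytes([npad + 1, payload_type])

def check_trailer(plaintext, scheme):
    """Receiver check on decrypted data; an empty list means nothing unusual."""
    if len(plaintext) < 2 or len(plaintext) % BLOCK:
        return ["not block aligned"]
    npad = plaintext[-2] - 1
    if npad < 0 or npad + 2 > len(plaintext):
        return ["bad pad length"]
    findings = []
    # Pad bytes sit immediately before the length and type bytes.
    if plaintext[len(plaintext) - 2 - npad:-2] != _pad(npad, scheme):
        findings.append("pad bytes carry unexpected data")
    # The amount of padding can itself signal, so flag any excess.
    if npad >= BLOCK:
        findings.append("more padding than alignment requires")
    return findings

if __name__ == "__main__":
    payload = bytes(16)  # constructed payload, a multiple of 64 bits
    for scheme in ("zero", "self"):
        pkt = payload + build_trailer(len(payload), IPPROTO_TCP, scheme)
        print(scheme, list(pkt[-BLOCK:]), check_trailer(pkt, scheme))
```

For a payload that is a multiple of 64 bits, the final block is fully determined by the payload type under either scheme, which is the known-plaintext observation made above.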

