[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Slicing and dicing
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Theodore" == Theodore Y Ts'o <tytso@MIT.EDU> writes:
Theodore> Note that this is also only a problem if we some how end
Theodore> up re-encrypting the encrypted packet again, such as in
Theodore> applications where you might be using two layers of ESP
Theodore> for some reason. In those cases, the probability of
Theodore> trouble would be (20 * 2**-56 * 2**-56 * 20**-64), or
Theodore> (20 * 2**-176), or 2 * 10**-52.
Given this, I'd say forget about handling it.
The world isn't just DES, though. The question about what to do with
weak keys in general. Are weak keys in other algorithms equally
improbable?
Given the difficulty in even test code to replace the weak keys with
other keys, I'd prefer to simply fail the SA, and cause ISAKMP to
start over again. I think even my vic-20 can afford to do this once
every (86400/300 * 365)/(2* 10**-52) years.
:!mcr!: | Network security programming, currently
Michael Richardson | on contract with DataFellows F-Secure IPSec
WWW: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNBmAM6ZpLyXYhL+BAQEfsAMArWAdndda2GYJ+qe4wOJfGInM/EszpzZC
mjJ9PHROrHWjZGGFXZusAjPv1rZsy27LR2reN4/7F7adg4DdV7ryCJ0p9ItoxTXF
Q5xmlzSASTZnnc9tbyqUe/PUeIRFwPTZ
=ec8l
-----END PGP SIGNATURE-----
Follow-Ups:
References: