[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: simultaneous lifetime type support required?
>>>>> "Scott" == Scott G Kelly <skelly@redcreek.com> writes:
Scott> I recognize the need to support both types, but the question is,
Scott> am I required to support both types simultaneously? That is, if
That is my understanding.
Scott> you send me 2 lifetime payloads together, one in kbytes and one in
Scott> seconds, does this mean you want both values used, with the actual
Scott> expiration based upon whichever occurs first?
The two types represent quantization of two weaknesses of cryptographic
functions:
1. given a certain amount of time/money, you can brute force them.
e.g. DES may be safe if you rekey every 10 minutes, assuming
that your adversary can't afford to break the key faster
than that.
2. some cryptographic functions have a limited lifetime. That is,
you should not send more than Xk bytes through them. My understanding
is that this has nothing to do with how much time it takes.
A very high performance network may indeed send more than #2's bytes in
much less than the brute force attack time, and so wants to rekey more
often.
I was just leafing through Schneier looking for some explanation of this.
Pg. 184 (2nd edition) "It is generally easier to do cryptanalysis with more
ciphertext encrypted under the same key"
:!mcr!: | Sandelman Software Works Corporation, Ottawa, ON
Michael Richardson | SSH IPsec: http://www.ssh.fi/. Secure, strong, international
Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>.
References: