Re: Minor Security issues regarding Kb rekeying
> For IPSEC SAs:
> Suppose an IPSEC SA with a lifetime of 1000Kb was established
> between two peers. Alice encrypts 1000Kb of data using this SA but
> only 900Kb of encrypted data reach Bob. Eve has now 1000Kb of
> encrypted data and can, after cracking the SA's keys, transmit data to
> Bob who thinks this SA is still valid.
The comments about explicit SA deletes being the answer here are part
of the story. However, I think that this is one of the places
where a margin of safety comes into play... if the algorithm is
crackable in near-real-time with ~900kb of traffic, the per-key limit
should be much smaller than ~1000kb.
Also, if you're trying to make a marginal/weak algorithm "safe" to use
to secure real-time communications which don't have to be secret
forever, you clearly want to use both Kb and time limits on the SA.
- Bill
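
The quoted scenario and the reply's point about combining Kb and time limits, modelled as an added example that is not part of the original message. The 300-second time limit, the 80% soft (rekey) threshold and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class SaLifetime:
    """One peer's local view of an SA that has both a Kb and a time lifetime."""
    hard_kb: float             # traffic limit in Kb (1000Kb in the quoted scenario)
    hard_seconds: float        # time limit; float("inf") models "Kb limit only"
    soft_fraction: float = 0.8  # assumed margin: start rekeying before the hard limit
    created_at: float = 0.0
    seen_kb: float = 0.0       # Kb this peer itself has sent or received

    def account(self, kb: float) -> None:
        """Count traffic that this peer actually processed."""
        self.seen_kb += kb

    def state(self, now: float) -> str:
        """Return 'expired', 'rekey' (soft limit hit, SA still usable) or 'valid'."""
        age = now - self.created_at
        if self.seen_kb >= self.hard_kb or age >= self.hard_seconds:
            return "expired"
        if (self.seen_kb >= self.soft_fraction * self.hard_kb
                or age >= self.soft_fraction * self.hard_seconds):
            return "rekey"
        return "valid"


def simulate(hard_seconds: float, sent_kb: float = 1000,
             delivered_kb: float = 900, now: float = 600.0):
    """Alice sends sent_kb, only delivered_kb reach Bob; return (alice, bob) states."""
    alice = SaLifetime(hard_kb=1000, hard_seconds=hard_seconds)
    bob = SaLifetime(hard_kb=1000, hard_seconds=hard_seconds)
    alice.account(sent_kb)      # sender counts everything it encrypted
    bob.account(delivered_kb)   # receiver counts only what arrived
    return alice.state(now), bob.state(now)


if __name__ == "__main__":
    # Kb limit only: Bob's counter never reaches 1000Kb, so he still accepts traffic.
    print("Kb only       :", simulate(float("inf")))
    # Kb and time limits: Bob's SA expires on age regardless of what was lost in transit.
    print("Kb + 300s time:", simulate(300))
```
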