[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Stream Ciphers in ESP- IPsec Stack?
That's not true. Just because the WEP implementation was wrong
doesn't mean a stream cipher is too dangerous. Depending on the
design stream ciphers can fit nicely into implementations of
protocols or disk i/o drivers. However, I would not use RC4
(aka ARC4), I've heard that its key setup machinery is broken.
- Alex
At 09:52 AM 8/30/2001 -0400, Derek Atkins wrote:
>Using stream ciphers in ESP is just dangerous. There are too many
>ways to just get it wrong. Look at the problems it caused in 802.11's
>WEP for a clear example how you should not do it.
>
>-derek
>
>"lokesh" <lokeshnb@intotoinc.com> writes:
>
>> Hi all,
>>
>> Is there any latest document/information regarding use of=20
>> Stream ciphers like ARC-4 or RC4 in ESP of IPsec/Firewall Stack?.
>> people seem to call ESP using Stream ciphers as SC/ESP.
>> in that case, is there going to be change in ESP packet format or =
>> packet processing ?=20
>> I happen to refer some internet drafts like=20
>> <draft-caronni-esp--stream-01.txt> and <draft-mcgrew-ipsec-scesp-02.txt> =
>> second draft proposes no change in ESP packet format but gives no idea =
>> about how to handle packets which come out of order and how to provide =
>> Anti-Replay-Service, while former does give implementation details of =
>> Antireplay service but there is a change in ESP packet format as there =
>> is no pad length field present.
>> I'm looking for a complete document which addresses all these =
>> implementation details, is there one?
>> Are there any products which have implemented stream ciphers like ARC4 =
>> or RC4 in IPsec stack?=20
>> if so, can you give details there of ?
>>
>> help in this regard is highly appreciated.
>> thanks
>> Lokesh
>>
>>
>>
>> ------=_NextPart_000_006C_01C1314A.CC8B32A0
>> Content-Type: text/html;
>> charset="Windows-1252"
>> Content-Transfer-Encoding: quoted-printable
>>
>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
>> <HTML><HEAD>
>> <META content=3D"text/html; charset=3Dwindows-1252" =
>> http-equiv=3DContent-Type>
>> <META content=3D"MSHTML 5.00.2919.6307" name=3DGENERATOR>
>> <STYLE></STYLE>
>> </HEAD>
>> <BODY bgColor=3D#ffffff>
>> <DIV><FONT face=3DArial size=3D2>Hi all,</FONT></DIV>
>> <DIV> </DIV>
>> <DIV><FONT face=3DArial size=3D2>Is there any latest =
>> document/information regarding=20
>> use of </FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>Stream ciphers like ARC-4 or RC4 in ESP =
>> of=20
>> IPsec/Firewall Stack?.</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>people seem to call ESP using Stream =
>> ciphers as=20
>> SC/ESP.</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>in that case, is there going to =
>> be change in=20
>> ESP packet format or packet processing ? </FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>I happen to refer some internet drafts =
>> like=20
>> </FONT></DIV>
>> <DIV><FONT face=3DArial =
>> size=3D2><draft-caronni-esp--stream-01.txt> and=20
>> <draft-mcgrew-ipsec-scesp-02.txt> second draft proposes =
>> no=20
>> change in ESP packet format but gives no idea about how to handle =
>> packets which=20
>> come out of order and how to provide Anti-Replay-Service, while former =
>> does give=20
>> implementation details of Antireplay service but there is a change in =
>> ESP packet=20
>> format as there is no pad length field present.</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>I'm looking for a complete document =
>> which addresses=20
>> all these implementation details, is there one?</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>Are there any products which have =
>> implemented=20
>> stream ciphers like ARC4 or RC4 in IPsec stack? </FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>if so, can you give details there of =
>> ?</FONT></DIV>
>> <DIV> </DIV>
>> <DIV><FONT face=3DArial size=3D2>help in this regard is highly=20
>> appreciated.</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>thanks</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>Lokesh</FONT></DIV>
>> <DIV> </DIV>
>> <DIV> </DIV></BODY></HTML>
>>
>> ------=_NextPart_000_006C_01C1314A.CC8B32A0--
>>
>
>--
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warlord@MIT.EDU PGP key available
>
--
Alex Alten
Alten@Home.Com
Follow-Ups:
References: