[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stream Ciphers in ESP- IPsec Stack?



That's not true.  Just because the WEP implementation was wrong
doesn't mean a stream cipher is too dangerous.  Depending on the
design stream ciphers can fit nicely into implementations of 
protocols or disk i/o drivers.  However, I would not use RC4
(aka ARC4), I've heard that its key setup machinery is broken.

- Alex

At 09:52 AM 8/30/2001 -0400, Derek Atkins wrote:
>Using stream ciphers in ESP is just dangerous.  There are too many
>ways to just get it wrong.  Look at the problems it caused in 802.11's
>WEP for a clear example how you should not do it.
>
>-derek
>
>"lokesh" <lokeshnb@intotoinc.com> writes:
>
>> Hi all,
>> 
>> Is there any latest document/information regarding use of=20
>> Stream ciphers like ARC-4 or RC4 in ESP of IPsec/Firewall Stack?.
>> people seem to call ESP using Stream ciphers as SC/ESP.
>> in that case, is  there going to be change in ESP packet format or =
>> packet processing ?=20
>> I happen to refer some internet drafts like=20
>> <draft-caronni-esp--stream-01.txt> and <draft-mcgrew-ipsec-scesp-02.txt> =
>>  second draft proposes no change in ESP packet format but gives no idea =
>> about how to handle packets which come out of order and how to provide =
>> Anti-Replay-Service, while former does give implementation details of =
>> Antireplay service but there is a change in ESP packet format as there =
>> is no pad length field present.
>> I'm looking for a complete document which addresses all these =
>> implementation details, is there one?
>> Are there any products which have implemented stream ciphers like ARC4 =
>> or RC4 in IPsec stack?=20
>> if so, can you give details there of ?
>> 
>> help in this regard is highly appreciated.
>> thanks
>> Lokesh
>> 
>> 
>> 
>> ------=_NextPart_000_006C_01C1314A.CC8B32A0
>> Content-Type: text/html;
>> 	charset="Windows-1252"
>> Content-Transfer-Encoding: quoted-printable
>> 
>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
>> <HTML><HEAD>
>> <META content=3D"text/html; charset=3Dwindows-1252" =
>> http-equiv=3DContent-Type>
>> <META content=3D"MSHTML 5.00.2919.6307" name=3DGENERATOR>
>> <STYLE></STYLE>
>> </HEAD>
>> <BODY bgColor=3D#ffffff>
>> <DIV><FONT face=3DArial size=3D2>Hi all,</FONT></DIV>
>> <DIV>&nbsp;</DIV>
>> <DIV><FONT face=3DArial size=3D2>Is there any latest =
>> document/information regarding=20
>> use of </FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>Stream ciphers like ARC-4 or RC4 in ESP =
>> of=20
>> IPsec/Firewall Stack?.</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>people seem to call ESP using Stream =
>> ciphers as=20
>> SC/ESP.</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>in that case, is&nbsp; there going to =
>> be change in=20
>> ESP packet format or packet processing ? </FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>I happen to refer some internet drafts =
>> like=20
>> </FONT></DIV>
>> <DIV><FONT face=3DArial =
>> size=3D2>&lt;draft-caronni-esp--stream-01.txt&gt; and=20
>> &lt;draft-mcgrew-ipsec-scesp-02.txt&gt;&nbsp;&nbsp;second draft proposes =
>> no=20
>> change in ESP packet format but gives no idea about how to handle =
>> packets which=20
>> come out of order and how to provide Anti-Replay-Service, while former =
>> does give=20
>> implementation details of Antireplay service but there is a change in =
>> ESP packet=20
>> format as there is no pad length field present.</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>I'm looking for a complete document =
>> which addresses=20
>> all these implementation details, is there one?</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>Are there any products which have =
>> implemented=20
>> stream ciphers like ARC4 or RC4 in IPsec stack? </FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>if so, can you give details there of =
>> ?</FONT></DIV>
>> <DIV>&nbsp;</DIV>
>> <DIV><FONT face=3DArial size=3D2>help in this regard is highly=20
>> appreciated.</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>thanks</FONT></DIV>
>> <DIV><FONT face=3DArial size=3D2>Lokesh</FONT></DIV>
>> <DIV>&nbsp;</DIV>
>> <DIV>&nbsp;</DIV></BODY></HTML>
>> 
>> ------=_NextPart_000_006C_01C1314A.CC8B32A0--
>> 
>
>-- 
>       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>       Member, MIT Student Information Processing Board  (SIPB)
>       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>       warlord@MIT.EDU                        PGP key available
>
--

Alex Alten

Alten@Home.Com




Follow-Ups: References: