[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how Nonce payload be used to prevent replay attack

To: "'sleepy-cat@263.net'" <sleepy-cat@263.net>
Subject: Re: how Nonce payload be used to prevent replay attack
From: Sandeep Joshi <sandeepj@research.bell-labs.com>
Date: Mon, 15 Oct 2001 16:29:36 -0400
CC: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
References: <8B204D152222D51182B7000102884137202572@postmaster.cryptek.com>
Sender: owner-ipsec@lists.tislabs.com

"Aronson, David" wrote:
> 
> dxh (sleepy-cat@263.net) writes:
> 
>  > I am not very clear about that. Are there anybody can
>  > explain it to me?
>  > I will be very appreciative for your help.
> 
> The basic idea seems to be, "quote this number I just made up back to me, or
> I won't believe you're really carrying on a session".  Someone simply
> replaying old recorded packets won't be able to do that, because the old
> stuff would have a different nonce.

..And such a nonce is easier to verify (in terms of CPU time
and memory state) than an ack payload based on a crypto function.

-Sandeep

> 
> --
> Dave Aronson, Software Engineer, +1-571-434-2039 V, +1-571-434-2001 F.
> Cryptek Secure Communications, 1501 Moran Rd., Sterling, VA 20166 USA.
> Opinions above are MINE, ALL MINE -- but for rent at reasonable rates.

References:

RE: how Nonce payload be used to prevent replay attack

From: "Aronson, David" <daronson@cryptek.com>

Prev by Date: Re: DataStructure for Storing SPD,SA Entries
Next by Date: Re: DataStructure for Storing SPD,SA Entries
Prev by thread: RE: how Nonce payload be used to prevent replay attack
Next by thread: how Nonce payload be used to prevent replay attack
Index(es):
- Main
- Thread