Re: Suggested modification to AES privacy draft
Good catch!  I think Scott Fluhrer is 100% correct, and it looks to me
like this is a weakness we should be taking very seriously.

For purposes of comparison, it looks like the severity of this weakness
is close to comparable to the severity of Bellovin's cut-and-paste
attacks.  Both work only in some scenarios (e.g., a multi-user system
using host keying), but unless I'm missing something, both seem to me
to be realistic threats and both violate important security goals.
I'll note that Bellovin's cut-and-paste attacks were considered to
warrant significant changes to the standard to close that weakness;
it sounds like it's time to do the same to stop Fluhrer's guessing attack.

What will it take to make the suggested changes to the standard?