Re: Suggested modification to AES privacy draft
Good catch! I think Scott Fluhrer is 100% correct, and it looks to me
like this is a weakness we should be taking very seriously.
For purposes of comparison, it looks like the severity of this weakness
is close to comparable to the severity of Bellovin's cut-and-paste
attacks. Both work only in some scenarios (e.g., a multi-user system
using host keying), but unless I'm missing something, both seem to me
to be realistic threats and both violate important security goals.
I'll note that Bellovin's cut-and-paste attacks were considered to
warrant significant changes to the standard to close that weakness;
it sounds like it's time to do the same to stop Fluhrer's guessing attack.
What will it take to make the suggested changes to the standard?