
RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms



I thought also that RC4 was not a restartable (seekable?) stream cipher and
thus cannot tolerate lost or out-of-order packets unless special steps were
taken (re-gen the key schedule for each packet?).

> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Russ Housley
> Sent: Monday, June 16, 2003 1:46 PM
> To: sommerfeld@east.sun.com; 'Henry Spencer'
> Cc: 'IP Security List'
> Subject: RE: Editorial: Use of MAY in
> draft-ietf-ipsec-ikev2-algorithms
>
>
> WEP causes a problem from RC4 because it "publishes" the first 24 bits
> of the key.  The RC4 key schedule is not robust enough to deal with part
> of its input being disclosed.  If RC4 is used in a system where none of
> the keying material is disclosed, as is the case with TLS, then it holds
> up just fine.
>
> In ESP, the use of RC4 would require special handling to avoid WEP-like
> issues.  I do not believe that anyone has written a specification for
> RC4 and ESP.
>
> Russ
>
>
> > -----Original Message-----
> > From: owner-ipsec@lists.tislabs.com [mailto:owner-ipsec@lists.tislabs.com]
> > On Behalf Of Bill Sommerfeld
> > Sent: Monday, June 16, 2003 11:57 AM
> > To: Henry Spencer
> > Cc: IP Security List
> > Subject: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
> >
> > > Correct.  The cipher is RC4, which is (last I heard) still thought
> > > to be okay.
> >
> > Okay, but not great.
> >
> > RC4 is a stream cipher which comes with additional special handling
> > recommendations ("For best results, discard first N bytes of output
> > after keying").
> >
> > > The problem is that WEP generates keys by a distinctly non-random
> > > process which produces many closely-related keys, and nobody thought
> > > to ask whether this was a weakness.  It is.
> >
> > The WEP related-key attacks exploit the first-byte weaknesses of RC4.
> >
> > - Bill
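As an added illustration that is not part of this thread (and not a specification for RC4 in ESP, which the thread notes does not exist), the following textbook RC4 includes the "discard first N bytes after keying" option mentioned above and contrasts a single continuous keystream, which cannot survive a lost packet, with re-keying per packet, which can. The per-packet key derivation (SHA-256 over the session key and a sequence number) and the sample key and packets are assumptions constructed for the demonstration.

```python
import hashlib

def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Textbook RC4 (KSA then PRGA); the first `drop` output bytes are
    discarded, per the 'discard first N bytes after keying' advice."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key schedule
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for k in range(drop + n):                  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if k >= drop:
            out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def continuous_stream(key: bytes, packets: list, drop: int = 256) -> list:
    """One keystream shared across packets: each packet consumes the next
    slice, so both ends must process exactly the same packet sequence."""
    ks = rc4_keystream(key, sum(len(p) for p in packets), drop)
    out, pos = [], 0
    for p in packets:
        out.append(xor(p, ks[pos:pos + len(p)]))
        pos += len(p)
    return out

def per_packet_stream(key: bytes, seq: int, packet: bytes, drop: int = 256) -> bytes:
    """Assumed illustration only, not a specification for RC4 in ESP: re-key
    RC4 for every packet from the session key and the packet's sequence number."""
    pkt_key = hashlib.sha256(key + seq.to_bytes(4, "big")).digest()
    return xor(packet, rc4_keystream(pkt_key, len(packet), drop))

def lost_packet_demo() -> tuple:
    """Send three packets, lose the second in transit, and report whether the
    receiver still recovers the third: (continuous_ok, per_packet_ok)."""
    key = b"constructed-session-key"         # constructed sample key
    pkts = [b"packet-one", b"packet-two", b"packet-three"]
    c = continuous_stream(key, pkts)
    received = continuous_stream(key, [c[0], c[2]])   # packet 2 never arrives
    continuous_ok = received[1] == pkts[2]   # packet 3 met packet 2's keystream slice
    c3 = per_packet_stream(key, 3, pkts[2])
    per_packet_ok = per_packet_stream(key, 3, c3) == pkts[2]
    return continuous_ok, per_packet_ok
```

Per-packet re-keying restores tolerance to loss and reordering, but each packet's key still feeds the same RC4 key schedule, so any structure shared between derived keys is exactly the WEP-style concern the thread raises.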