Re: best encryption + mode for network packets ?
stefek.zaba_at_hp.com
Date: 10/19/03
- Next message: Francois Grieu: "Re: Does quantum cryptography actually work?"
- Previous message: Francois Grieu: "Re: Is it possible to devise a public-key cipher with no flaws?"
- In reply to: Skybuck Flying: "best encryption + mode for network packets ?"
- Next in thread: Skybuck Flying: "Re: best encryption + mode for network packets ?"
- Reply: Skybuck Flying: "Re: best encryption + mode for network packets ?"
Date: 19 Oct 2003 10:59:11 GMT
In sci.crypt, Skybuck Flying <nospam@hotmail.com> wrote:
>
> I don't understand much about all the different encryption modes...
>
> Like CBC, CTR, ECB and other modes...
>
> It confuses the hell out of me... :D
>
> So I am just going to ask people that hopefully do understand these modes
> better :D
>
If you're finding out for the benefit of your own education: ask away;
but better still, read widely. Read a Real Book (TM); in this case Bruce
Schneier's Applied Crypto would suit, as Books are written in a consistent
voice, with deliberate didactic purpose, to cover a reasonably wide
area of inquiry... unlike most Web pages, which are good for specifics
but not so hot for documenting a whole field.

If, OTOH, you're creating this scheme:
> The reason I ask this is that I want to encrypt/decrypt network packets.
>
to protect information which matters, and even more so if you're doing
this on someone else's behalf and taking money for it, I'd say you're
engaged in deceptive trading. You're *massively* more likely to screw
up - without realising it - than if you go the boring route and just
use IPSEC. FreeSWAN is a free (as in beer *and* speech) implementation
you can use. Its documentation is one of many useful resources.

The IPSEC design (despite some cumbersome aspects) deals with many issues
you won't yet have thought of. For block-cipher encryption modes,
it deals with the chaining issue you've identified in a straightforward
way. You'll have (or will when you read & think a bit more) picked up
that the chaining modes typically require an unpredictable but non-secret
(once it's chosen) initialisation vector (IV) to get started with the
first block; thereafter the moral equivalent of the IV is some transform
of the previously-encrypted block. All IPSEC does, therefore, is to send
that "moral equivalent of an IV" along with *each* new packet, so that
the recipient has the cryptojunk needed to XOR-or-whatever with the
start of the packet they've just received, independently of having
received - or not - the previous packet. Receipt and successful decryption
of that previous packet would be the "normal" way of chaining along assuming
a reliable channel; since packet networks drop, resequence, and retransmit,
IPSEC's design (wot with sequence numbers, sliding windows, and all that
guff) allows for those characteristics of the channel while meeting the
security goals.

Take a look at IPSEC, do. Wonder hard about the stuff that looks bizarre;
there's a good reason for most (sadly, not quite all!) of it. Try to work
it out. Ask here - or on the IPSEC mailing list - if you *really* can't
work out what some feature is doing. Be prepared to be roasted if you
don't seem to have done reasonable thinking, Googling, and reading first,
though...

Stefek
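
The per-packet chaining value described in the message above, as an added example (not part of the original post, and not IPSEC or FreeSWAN code): each packet carries its own IV, so packets still decrypt after drops and reordering. The 4-round Feistel `toy_encrypt_block` is a standard-library stand-in for a real block cipher, all function names are hypothetical, and the sketch leaves out the integrity check and sequence numbers that a real IPSEC packet also carries.

```python
import hashlib, hmac, os
BLOCK = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # Feistel round function: truncated HMAC-SHA256
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def toy_encrypt_block(key, block):
    # Assumption: 4-round Feistel as a stdlib-only stand-in for a real block cipher.
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def toy_decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, payload):
    pad = BLOCK - len(payload) % BLOCK
    data, out, prev = payload + bytes([pad]) * pad, [], iv
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, _xor(data[i:i + BLOCK], prev))  # chain on previous block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    plain = b"".join(_xor(toy_decrypt_block(key, c), p) for p, c in zip(blocks, blocks[1:]))
    return plain[:-plain[-1]]  # strip padding

def seal_packet(key, payload):
    iv = os.urandom(BLOCK)  # unpredictable, non-secret, fresh for every packet
    return iv + cbc_encrypt(key, iv, payload)

def open_packet(key, packet):
    # Everything needed to start the chain travels in the packet itself.
    return cbc_decrypt(key, packet[:BLOCK], packet[BLOCK:])

def demo():
    key = os.urandom(32)
    wire = [seal_packet(key, m) for m in (b"pkt 0", b"pkt 1", b"pkt 2")]  # constructed payloads
    return [open_packet(key, p) for p in (wire[2], wire[1])]  # pkt 0 dropped, rest reordered

if __name__ == "__main__":
    print(demo())
```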