Re: best encryption + mode for network packets ?
From: Skybuck Flying (nospam_at_hotmail.com)
Date: 10/20/03
- Next message: Skybuck Flying: "ECB security"
- Previous message: Bryan Olson: "Re: Schneier's "Helix" cipher is remarkably similar to the "generic feistel cipher""
- In reply to: stefek.zaba_at_hp.com: "Re: best encryption + mode for network packets ?"
- Next in thread: Skybuck Flying: "ECB security"
- Reply: Skybuck Flying: "ECB security"
Date: Mon, 20 Oct 2003 10:40:06 +0200
<stefek.zaba@hp.com> wrote in message
news:bmtqpv$k0j$1@murdoch.hpl.hp.com...
> In sci.crypt, Skybuck Flying <nospam@hotmail.com> wrote:
> >
> > I don't understand much about all the different encryption modes...
> >
> > Like CBC, CTR, ECB and other modes...
> >
> > It confuses the hell out of me... :D
> >
> > So I am just going to ask people that hopefully do understand these modes
> > better :D
> >
> If you're finding out for the benefit of your own education: ask away;
> but better still, read widely. Read a Real Book (TM); in this case Bruce
> Schneier's Applied Crypto would suit, as Books are written in a consistent
> voice, with deliberate didactic purpose, to cover a reasonably wide
> area of inquiry... unlike most Web pages, which are good for specifics
> but not so hot for documenting a whole field.
>
> If, OTOH, you're creating this scheme:
>
> > The reason I ask this is that I want to encrypt/decrypt network packets.
> >
> to protect information which matters, and even more so if you're doing
> this on someone else's behalf and taking money for it, I'd say you're
> engaged in deceptive trading. You're *massively* more likely to screw
> up - without realising it - than if you go the boring route and just
> use IPSEC. FreeSWAN is a free (as in beer *and* speech) implementation
> you can use. Its documentation is one of many useful resources.
>
> The IPSEC design (despite some cumbersome aspects) deals with many issues
> you won't yet have thought of. For block-cipher encryption modes,
> it deals with the chaining issue you've identified in a straightforward
> way. You'll have (or will when you read & think a bit more) picked up
> that the chaining modes typically require an unpredictable but non-secret
> (once it's chosen) initialisation vector (IV) to get started with the
> first block; thereafter the moral equivalent of the IV is some transform
> of the previously-encrypted block. All IPSEC does, therefore, is to send
> that "moral equivalent of an IV" along with *each* new packet, so that
> the recipient has the cryptojunk needed to XOR-or-whatever with the
> start of the packet they've just received, independently of having
> received - or not - the previous packet. Receipt and successful decryption
> of that previous packet would be the "normal" way of chaining along assuming
> a reliable channel; since packet networks drop, resequence, and retransmit,
> IPSEC's design (wot with sequence numbers, sliding windows, and all that
> guff) allows for those characteristics of the channel while meeting the
> security goals.
>
> Take a look at IPSEC, do. Wonder hard about the stuff that looks bizarre;
> there's a good reason for most (sadly, not quite all!) of it. Try to work
> it out. Ask here - or on the IPSEC mailing list - if you *really* can't
> work out what some feature is doing. Be prepared to be roasted if you
> don't seem to have done reasonable thinking, Googling, and reading first,
> though...
I have chosen to use ECB mode at the moment. Instead of CBC.
Why did IPSEC choose CBC... I am guessing more security ?
How secure is ECB mode ? :D
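
An added example, not part of the original posts: a sketch of the per-packet IV idea from the quoted reply, next to ECB on the same payload. The 4-round Feistel construction is a toy stand-in for a real block cipher, and every name, the key and the payload are constructed for illustration. It assumes payloads are a multiple of 16 bytes and leaves out the integrity check and sequence-number window that IPSEC also provides.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Round function of the toy cipher (illustration only, not a vetted design).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def encrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def ecb_encrypt(key, pt):
    # ECB: every block is encrypted on its own, so equal blocks stay equal.
    return b"".join(encrypt_block(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))

def cbc_encrypt_packet(key, pt):
    # CBC with a fresh random IV carried in front of each packet.
    prev = os.urandom(BLOCK)
    out = [prev]
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt_packet(key, packet):
    # Needs only this packet: the IV is its first block.
    blocks = [packet[i:i + BLOCK] for i in range(0, len(packet), BLOCK)]
    return b"".join(_xor(decrypt_block(key, c), p) for p, c in zip(blocks, blocks[1:]))

def demo():
    key = b"constructed-demo-key"
    payload = b"LOGIN user=alice" * 2  # constructed: two identical 16-byte blocks
    ecb = ecb_encrypt(key, payload)
    packets = [cbc_encrypt_packet(key, payload) for _ in range(3)]
    received = [packets[2], packets[0]]  # packet 1 lost, the others reordered
    return {
        "ecb_blocks_repeat": ecb[:BLOCK] == ecb[BLOCK:],
        "cbc_blocks_repeat": packets[0][16:32] == packets[0][32:48],
        "cbc_packets_distinct": len(set(packets)) == 3,
        "recovered": [cbc_decrypt_packet(key, p) for p in received],
    }
```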