Re: Sun setting on stream ciphers?
From: Scott A Crosby (scrosby_at_cs.rice.edu)
Date: 02/28/04
- Next message: Tom St Denis: "Re: A secure, trustworthy Win XP compitable encryption program with GUI interface?"
- Previous message: privacy.at Anonymous Remailer: "Sassaman remop, make your SPONSORING public"
- In reply to: Tom St Denis: "Re: Sun setting on stream ciphers?"
- Next in thread: Gregory G Rose: "Re: Sun setting on stream ciphers?"
- Reply: Gregory G Rose: "Re: Sun setting on stream ciphers?"
- Reply: David Wagner: "Re: Sun setting on stream ciphers?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 28 Feb 2004 16:51:19 -0600
On 28 Feb 2004 10:24:32 -0800, tomstdenis@yahoo.com (Tom St Denis) writes:
> A compromise would be to drop the MAC requirement and just ensure that
> both sides influence the CTR IV and keys. That way you can't replay
> or damage packets without it coming out sounding like noise...
AFAIK, doesn't CTR mode absolutely require some sort of
authentication. An attacker who knew the origonal contents of a packet
could just ensure that any packet they wished would be decoded.
CTR mode is?:
C_i = E(CTR++) + P_i
If the attacker knows P_i and want plaintext P'_i to be decoded they
can corrupt C_i into C'_i as:
C'_i = C_i - P_i + P'_i
Maybe a truncated HMAC-SHA1 to 8 bits is a solution.
Scott
- Next message: Tom St Denis: "Re: A secure, trustworthy Win XP compitable encryption program with GUI interface?"
- Previous message: privacy.at Anonymous Remailer: "Sassaman remop, make your SPONSORING public"
- In reply to: Tom St Denis: "Re: Sun setting on stream ciphers?"
- Next in thread: Gregory G Rose: "Re: Sun setting on stream ciphers?"
- Reply: Gregory G Rose: "Re: Sun setting on stream ciphers?"
- Reply: David Wagner: "Re: Sun setting on stream ciphers?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
