Re: break it - protect confidentiality and integrity with symmetric key
- From: "Tom St Denis" <tomstdenis@xxxxxxxxx>
- Date: 22 Jan 2006 06:05:53 -0800
"000" <osrh...@xxxxxxxxx> wrote:
> 3. Bob computes the CBC residue on the decrypted text. If the computed
> residue, Crc, is the same as the received residue, Cr', then he accepts
> the message and believes that it's secretly from Alice; otherwise, he
> rejects it.
>
> I was told that there was a shortcoming in the protocol, but I just
> can't realize it. Hopefully, someone can see it.
It's trivial to break. I can modify any block I want since CBC uses
the ciphertext not plaintext. So as long as I don't modify the second
to last block your decrypted Kab will always check out.
A proper CBC-MAC does not give out the intermediate values to be
meddled with and if you do CBC encrypt it obviously should be under a
different key.
Tom
.
- Follow-Ups:
- References:
- Prev by Date: Re: implementing sha1
- Next by Date: Re: implementing sha1
- Previous by thread: break it - protect confidentiality and integrity with symmetric key
- Next by thread: Re: break it - protect confidentiality and integrity with symmetric key
- Index(es):
