SRP + 3DES - secure enough?
- From: "Rob Y." <ryampolsky@xxxxxxxxx>
- Date: Mon, 22 Sep 2008 10:09:06 -0700 (PDT)

My application uses SRP for authentication and then uses the random
session data produced during the SRP authentication process to seed
3DES for encrypting the actual communications.

My question: once encryption is set up, my application does its own
signon handshake. The data in that handshake is pretty much
constant. Is that a big security hole, or does 3DES do more than XOR
the data against a bit unknown (and changing) value? For example,
does 3DES send the data bytes in a random order or do anything else
that would make it impossible to guess the key based on knowing the
data that's being encrypted?

If not, are there recommendations for 'randomizing' the communications
to fix the problem? Something like inserting random numbers into
unused places in the data stream prior to encryption.

Thanks,
Rob