Re: Signatures and encryption headers



Fabrice wrote:
With EAX or CCM, you still need some way to communicate the session
key used, the underlying block cipher and maybe the other parameters
that the CCM spec calls "Prerequisites" (if they are not fixed by
the system).

My question is basically, do those prerequisites need to be
authenticated and/or confidential?

I believe they all need to be authenticated. (I don't have
a particular attack in mind if they are not, but if you fail to
authenticate them you "void the security warranty": for instance,
the proofs of security will probably no longer apply. You could
imagine that one kind of attack that might be possible is a
downgrade attack, where the attacker replaces your choice of a
strong block cipher with a weaker one. At least in principle,
there might be more sophisticated attacks possible -- or at least,
I believe the existing proofs of security do not rule out such a
possibility.)

I believe that only the session key needs to have its
confidentiality protected.
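The rule in the reply above (the header parameters travel in the clear but must be authenticated, while only the key itself needs confidentiality) maps directly onto the associated-data input of an AEAD mode. The following program is an added example, not code from this thread; it uses AES-GCM from Go's standard library as a stand-in for EAX/CCM, since Go ships no CCM or EAX but the associated-data interface is the same. The header layout, the suite identifiers and the demo key are constructed for the example. Feeding the marshalled header to the AEAD as associated data means a rewritten suite field, the downgrade case mentioned above, fails the tag check at the receiver.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed cipher-suite identifiers for the header; not a real registry.
const (
	SuiteStrong uint16 = 0x0002 // the sender's chosen suite
	SuiteWeak   uint16 = 0x0001 // a weaker suite an attacker would prefer
)

const nonceLen = 12

// Header carries the "prerequisites" the recipient needs before it can
// decrypt: the suite identifier and the nonce. It is sent unencrypted.
type Header struct {
	Suite uint16
	Nonce [nonceLen]byte
}

// Marshal serialises the header exactly as it travels on the wire.
func (h Header) Marshal() []byte {
	out := make([]byte, 2+nonceLen)
	binary.BigEndian.PutUint16(out, h.Suite)
	copy(out[2:], h.Nonce[:])
	return out
}

// splitHeader separates the header from the ciphertext that follows it.
func splitHeader(msg []byte) (Header, []byte, error) {
	var h Header
	if len(msg) < 2+nonceLen {
		return h, nil, errors.New("message too short for header")
	}
	h.Suite = binary.BigEndian.Uint16(msg)
	copy(h.Nonce[:], msg[2:2+nonceLen])
	return h, msg[2+nonceLen:], nil
}

// newAEAD builds the AEAD. Both constructed suites map to AES-GCM here,
// because the point is the associated-data binding, not the cipher choice;
// a real system would select the cipher from the suite identifier.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns header || ciphertext || tag. The marshalled header is the
// associated data: authenticated by the tag, but not encrypted.
func Seal(key []byte, suite uint16, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	h := Header{Suite: suite}
	if _, err := rand.Read(h.Nonce[:]); err != nil {
		return nil, err
	}
	hdr := h.Marshal()
	ct := aead.Seal(nil, h.Nonce[:], plaintext, hdr)
	return append(hdr, ct...), nil
}

// Open parses the header, rebuilds the associated data from it and
// decrypts. A header changed in transit fails authentication here.
func Open(key []byte, msg []byte) ([]byte, error) {
	h, ct, err := splitHeader(msg)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, h.Nonce[:], ct, h.Marshal())
}

// Downgrade models an in-transit rewrite of the suite field to the weaker
// suite, with nonce, ciphertext and tag left untouched.
func Downgrade(msg []byte) []byte {
	out := append([]byte(nil), msg...)
	binary.BigEndian.PutUint16(out, SuiteWeak)
	return out
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key only
	msg, err := Seal(key, SuiteStrong, []byte("constructed plaintext"))
	if err != nil {
		panic(err)
	}
	if pt, err := Open(key, msg); err == nil {
		fmt.Printf("genuine message decrypts: %q\n", pt)
	}
	if _, err := Open(key, Downgrade(msg)); err != nil {
		fmt.Println("downgraded header rejected:", err)
	}
}
```

Note that the nonce is part of the associated data as well, so it is bound to the tag for free; the key never appears on the wire in this example (it is assumed pre-shared), which is the one field the reply says must stay confidential.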