Re: [Cfrg] draft-housley-ccm-mode-00.txt
pgut001@cs.auckland.ac.nz (Peter Gutmann) Fri, 16 August 2002 04:15 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA25943 for <cfrg-archive@odin.ietf.org>; Fri, 16 Aug 2002 00:15:08 -0400 (EDT)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id AAA28786 for cfrg-archive@odin.ietf.org; Fri, 16 Aug 2002 00:16:29 -0400 (EDT)
Received: from optimus.ietf.org (localhost [127.0.0.1]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id AAA28767; Fri, 16 Aug 2002 00:16:13 -0400 (EDT)
Received: from ietf.org (odin [132.151.1.176]) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id AAA28742 for <cfrg@optimus.ietf.org>; Fri, 16 Aug 2002 00:16:12 -0400 (EDT)
Received: from hermes.cs.auckland.ac.nz (hermes.cs.auckland.ac.nz [130.216.35.151]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id AAA25936 for <cfrg@ietf.org>; Fri, 16 Aug 2002 00:14:50 -0400 (EDT)
Received: from ruru.cs.auckland.ac.nz (ruru-nfs.cs.auckland.ac.nz [130.216.35.12]) by hermes.cs.auckland.ac.nz (8.12.4/8.12.4) with ESMTP id g7G4Fe8W001972; Fri, 16 Aug 2002 16:15:40 +1200
Received: (from pgut001@localhost) by ruru.cs.auckland.ac.nz (8.9.3/8.8.6/cs-slave) id QAA18722; Fri, 16 Aug 2002 16:15:40 +1200 (NZST) (sender pgut001@cs.auckland.ac.nz)
Date: Fri, 16 Aug 2002 16:15:40 +1200
Message-ID: <200208160415.QAA18722@ruru.cs.auckland.ac.nz>
From: pgut001@cs.auckland.ac.nz
To: ggr@qualcomm.com, rhousley@rsasecurity.com
Subject: Re: [Cfrg] draft-housley-ccm-mode-00.txt
Cc: cfrg@ietf.org
Sender: cfrg-admin@ietf.org
Errors-To: cfrg-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
X-BeenThere: cfrg@ietf.org
Greg Rose <ggr@qualcomm.com> writes: >Doing the authentication and the encryption with the same key is bad >practice. You should take the input key, and derive from it two subordinate >keys, which are independent of each other as far as an outside attacker can >tell, then use one of them for the counter mode encryption, the other for >the CBC-MAC. This doesn't work if your crypto hardware or software doesn't give you access to the key, which is quite common. The way I was doing it for the encrypt+MAC is to use the encryption algorithm to generate a MAC key by encrypting an all-zero block(s), this both avoids the problem of key inaccessibility and means that a rollback attack is made more difficult since the first block of ciphertext is scrambled (it isn't 100% bulletproof, but will catch most attempts to roll back from encrypt+MAC to encrypt-only). Peter. _______________________________________________ Cfrg mailing list Cfrg@ietf.org https://www1.ietf.org/mailman/listinfo/cfrg
- [Cfrg] draft-housley-ccm-mode-00.txt Housley, Russ
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Greg Rose
- Re: [Cfrg] draft-housley-ccm-mode-00.txt David Wagner
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Housley, Russ
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Greg Rose
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Peter Gutmann
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Peter Gutmann
- Re: [Cfrg] draft-housley-ccm-mode-00.txt David Wagner
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Housley, Russ
- RE: [Cfrg] draft-housley-ccm-mode-00.txt David A. Mcgrew
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Gé Weijers
- Re: [Cfrg] draft-housley-ccm-mode-00.txt David Wagner
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Gé Weijers
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Uri Blumenthal
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Housley, Russ
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Peter Gutmann
- Re: [Cfrg] draft-housley-ccm-mode-00.txt Carl Ellison
- [Cfrg] Re: draft-housley-ccm-mode-00.txt Housley, Russ