Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms
"Steven M. Bellovin" <smb@cs.columbia.edu> Fri, 04 January 2008 04:32 UTC
Return-path: <cfrg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JAeEo-0005y7-0o; Thu, 03 Jan 2008 23:32:54 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JAeEm-0005y2-CN for cfrg@ietf.org; Thu, 03 Jan 2008 23:32:52 -0500
Received: from machshav.com ([198.180.150.44]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1JAeEm-0006k3-0j for cfrg@ietf.org; Thu, 03 Jan 2008 23:32:52 -0500
Received: by machshav.com (Postfix, from userid 512) id D016B5BB; Fri, 4 Jan 2008 04:32:51 +0000 (GMT)
Received: from berkshire.machshav.com (localhost [127.0.0.1]) by machshav.com (Postfix) with ESMTP id 3DCC817E; Fri, 4 Jan 2008 04:32:51 +0000 (GMT)
Received: by berkshire.machshav.com (Postfix, from userid 54047) id 3DB8C7661D4; Thu, 3 Jan 2008 23:32:50 -0500 (EST)
Date: Fri, 04 Jan 2008 04:32:50 +0000
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Sean Shuo Shen <sshen@huawei.com>
Subject: Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms
Message-ID: <20080104043250.586adf6c@berkshire.machshav.com>
In-Reply-To: <002a01c84e82$d36efb40$350c6f0a@china.huawei.com>
References: <20080104030507.7297e280@cs.columbia.edu> <002a01c84e82$d36efb40$350c6f0a@china.huawei.com>
Organization: Columbia University
X-Mailer: Claws Mail 3.2.0 (GTK+ 2.12.0; i386--netbsdelf)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Spam-Score: -4.0 (----)
X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb
Cc: saag@mit.edu, cfrg@ietf.org
X-BeenThere: cfrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:cfrg@ietf.org>
List-Help: <mailto:cfrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
Errors-To: cfrg-bounces@ietf.org
On Fri, 04 Jan 2008 11:35:17 +0800 Sean Shuo Shen <sshen@huawei.com> wrote: > Thank you Steven. > > >>Sean Shuo Shen <sshen@huawei.com> wrote: > >> Hi Stephen, > >> Can you talk more details about the FIPS evaluation problem? > > >The issue is what the assurance boundary is. If the TCP sequence > >number is cryptographically significant, the entire process by which > >it's set (including original generation and anything else in the > >stack or kernel that could touch it) has to be part of the > >evaluation, too. > > The isn generation of some windows versions and linux is not random > enough and is vulnerable (like RST attack). So the seq num can not be > a source for randomness. But if a seq num is used just as an index > instead of a random seed, it is not cryptographically significant and > I don't think it will affect the cryptographic strength. What do you > think, Steven? > The questions to ask are (a) what are the consequences if there's a collision or repetition; (b) what are the consequences if the enemy can predict the value; (c) can the enemy cause such things, with some probability; and (d) if the answer to the previous questions indicates potential trouble, what are the assurances that trouble won't happen? For example -- in a straight RFC 793 TCP, the approximate value of an ISN is knowable; after all, that's how sequence number attacks are launched. If RFC 1948 sequence numbers are used, the ISN of a new instance of a connection 4-tuple is approximately knowable. The sequence numbers of subsequent packets in a connection are 100% knowable. The answer to (c) is yes, the attacker will generally know it. Is this a problem? I've lost track of what specific algorithm is being discussed here, so I won't try to answer in detail, but in general these are the kinds of questions that have to be answered. --Steve Bellovin, http://www.cs.columbia.edu/~smb _______________________________________________ Cfrg mailing list Cfrg@ietf.org https://www1.ietf.org/mailman/listinfo/cfrg
- [Cfrg] Re: [saag] TCP-AO MAC algorithms mcgrew
- RE: [Cfrg] Re: [saag] TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [Cfrg] Re: [saag] TCP-AO MAC algorithms mcgrew
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Stephen Kent
- RE: [Cfrg] Re: [saag] TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Steven M. Bellovin
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- Re: [saag] [Cfrg] Re: TCP-AO MAC algorithms Steven M. Bellovin
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Stephen Kent
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen
- RE: [saag] [Cfrg] Re: TCP-AO MAC algorithms Sean Shuo Shen