RE: A hole in esp-stream-01
Andrew Robison <arobison@timestep.com> Wed, 30 October 1996 14:42 UTC
Received: from relay.hq.tis.com by neptune.TIS.COM id aa09032; 30 Oct 96 9:42 EST
Received: by relay.hq.tis.com; id JAA25488; Wed, 30 Oct 1996 09:46:33 -0500
Received: from clipper.hq.tis.com(10.33.1.2) by relay.tis.com via smap (V3.1.1) id xma025485; Wed, 30 Oct 96 09:46:05 -0500
Received: from relay.hq.tis.com (firewall-user@relay.hq.tis.com [10.33.1.1]) by clipper.hq.tis.com (8.7.5/8.7.3) with SMTP id JAA01211 for <ipsec@tis.com>; Wed, 30 Oct 1996 09:47:53 -0500 (EST)
Received: by relay.hq.tis.com; id JAA25480; Wed, 30 Oct 1996 09:46:03 -0500
Received: from ns.newbridge.com(192.75.23.67) by relay.tis.com via smap (V3.1.1) id xma025470; Wed, 30 Oct 96 09:45:39 -0500
Received: (from adm@localhost) by ns.newbridge.com (8.6.12/8.6.12) id JAA00984 for <ipsec@TIS.COM>; Wed, 30 Oct 1996 09:47:43 -0500
Received: from portero(192.75.23.66) by ns via smap (V1.3) id sma000835; Wed Oct 30 09:47:16 1996
Received: from tsntsrv2.timestep.com ([192.168.219.191]) by kanmaster.ca.newbridge.com (8.6.12/8.6.12) with SMTP id JAA00385 for <ipsec@TIS.COM>; Wed, 30 Oct 1996 09:47:08 -0500
Received: by tsntsrv2.timestep.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5) id <01BBC647.A85E7180@tsntsrv2.timestep.com>; Wed, 30 Oct 1996 09:49:35 -0500
Message-ID: <c=US%a=_%p=TimeStep_Corpora%l=TSNTSRV2-961030144933Z-1238@tsntsrv2.timestep.com>
From: Andrew Robison <arobison@timestep.com>
To: "'ipsec@TIS.COM'" <ipsec@TIS.COM>
Subject: RE: A hole in esp-stream-01
Date: Wed, 30 Oct 1996 09:49:33 -0500
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk
>From: Germano Caronni[SMTP:caronni@tik.ee.ethz.ch] >Sent: October 29, 1996 5:24 PM > >JMKELSEY@delphi.com wrote: >> Now, remember, we turned the high bit off in the ciphertext byte, >> and on in the plaintext byte. What this means is that we subtracted >> 128 from the ciphertext byte, and added it back in the plaintext >> byte. Thus, (C[4]* + P[4]*) = (C[4] + P[4]). >> >> If we have to also deal with the CRC of this, so long as the CRC >> polynomial is known, we can just flip the bits that would have >> changed in the CRC, right? > >Right. Consider my proposals to 'fix' esp-stream as retracted. It either has to be a real (fast) MAC, or a note in the 'Security Considerations'. >What do you people prefer? What about putting a random sized pad at the start and end of the packet as follows such that a known plaintext attack would find it difficult to actually correctly find the plaintext to change: pad_length|pad1|original_packet|pad2|original_packet_length If you assume that original_packet and original_packet_length are completely or partially known, would it be possible to guess pad_length and therefore bypass pad1 and pad2? If pad_length is a four bits (padded out randomly to a byte) and pad1 and pad2 are randomly set between 0 and 15 bytes, would this make it harder to make a successful modification? With a basic 32 bit checksum of bytes it would be as follows: pad_length|pad1|original_packet|checksum|pad2|original_packet_length
- A hole in esp-stream-01 Germano Caronni
- Re: A hole in esp-stream-01 JMKELSEY
- Re: A hole in esp-stream-01 JMKELSEY
- Re: A hole in esp-stream-01 David Wagner
- Re: A hole in esp-stream-01 Germano Caronni
- Re: A hole in esp-stream-01 Germano Caronni
- Re: A hole in esp-stream-01 Germano Caronni
- RE: A hole in esp-stream-01 Andrew Robison
- Re: A hole in esp-stream-01 Germano Caronni
- RE: A hole in esp-stream-01 Andrew Robison