IETF Logo Mail Archive

Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt

Tony Li <tli@cisco.com> Fri, 02 March 2007 23:25 UTC

Return-path: <isis-wg-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HNH8A-0001Vs-OT; Fri, 02 Mar 2007 18:25:42 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HNFLV-0000Sz-L8 for isis-wg@ietf.org; Fri, 02 Mar 2007 16:31:21 -0500
Received: from sj-iport-4.cisco.com ([171.68.10.86]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HNF4w-0004XU-Ru for isis-wg@ietf.org; Fri, 02 Mar 2007 16:14:21 -0500
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-4.cisco.com with ESMTP; 02 Mar 2007 13:14:14 -0800
X-IronPort-AV: i="4.14,244,1170662400"; d="scan'208"; a="44679127:sNHT48288798"
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id l22LEEqx004080; Fri, 2 Mar 2007 13:14:14 -0800
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id l22LE7VE025146; Fri, 2 Mar 2007 13:14:14 -0800 (PST)
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 2 Mar 2007 13:14:12 -0800
Received: from [171.71.55.245] ([171.71.55.245]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 2 Mar 2007 13:14:12 -0800
In-Reply-To: <45E88174.7040208@ipinfusion.com>
References: <7993FE39-A603-4830-B63F-9615A38B3DEA@cisco.com> <45E88174.7040208@ipinfusion.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <5B7CE451-04FE-42EC-B786-8F952C3F8C0A@cisco.com>
Content-Transfer-Encoding: 7bit
From: Tony Li <tli@cisco.com>
Subject: Re: [Isis-wg] draft-bhatia-manral-crypto-req-isis-01.txt
Date: Fri, 02 Mar 2007 13:14:10 -0800
To: Vishwas Manral <vishwas@ipinfusion.com>
X-Mailer: Apple Mail (2.752.3)
X-OriginalArrivalTime: 02 Mar 2007 21:14:12.0152 (UTC) FILETIME=[B9819B80:01C75D0F]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1840; t=1172870054; x=1173734054; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=tli@cisco.com; z=From:=20Tony=20Li=20<tli@cisco.com> |Subject:=20Re=3A=20[Isis-wg]=20draft-bhatia-manral-crypto-req-isis-01.tx t |Sender:=20; bh=mtWduJAJp4XMRRZe6hXfjleJPwuz1/SRypOFPIAygME=; b=m731yqIlZd1wls69sEqzmg75lp9mioWFXWXtJXpFjJ2HcP74NuBKGBQyJyPflyil1YzRPmYK fsUYJhv4rPP5/TrKsW8YW6leQJMVrYxW+bMQ/UsFPidRZETxMV9wgCe3;
Authentication-Results: sj-dkim-4; header.From=tli@cisco.com; dkim=pass (sig from cisco.com/sjdkim4002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69
Cc: isis-wg@ietf.org
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/isis-wg>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
Errors-To: isis-wg-bounces@ietf.org

On Mar 2, 2007, at 11:56 AM, Vishwas Manral wrote:

> Collisions are however against the basic design of hash functions.


Vishwas,

Hashing functions necessarily produce collisions.  The input to a  
hashing function is usually a set of bits that are a function of the  
packet being sent and some secret: f(secret, packet).  f() is usually  
something simple, such as concatenation.  The number of bits produced  
by f() is usually large, say on the order of 10,000.  As an example a  
1200 byte LSP is going to inject 9600 bits.

The hashing function H(), then performs a transform:

	h = H(f(secret, packet))

where h is the hash result that we insert into the packet.

The hashing function then takes these 10,000 bits and produces a much  
smaller result.  In the case of HMAC-MD5, it's producing 128 bits.   
Simple combinatorics tells us that if you map 2^10,000 possible  
inputs to 2^128th possible results, on average, there will be many  
different inputs for any given output.

Thus, collisions with a hashing function are *inevitable*.

This does not make them insecure.  Our purpose in using a hashing  
function is to provide authentication.  We wish to ensure that an  
attacker cannot take an arbitrary packet P' and compute a similar  
hash without knowing the secret.  Collision attacks do not give an  
attacker that capability.

They do give the attacker the ability to compute some arbitrary  
packet P" that will result in the same hash value.  Once again,  
injecting arbitrary packets P" is not a very interesting attack.  You  
might as well just generate random packets and throw them at the  
system.  Both will result in a DoS attack, but both should be  
rejected by the simple and straightforward integrity and syntactic  
checks of the protocol.

Regards,
Tony

_______________________________________________
Isis-wg mailing list
Isis-wg@ietf.org
https://www1.ietf.org/mailman/listinfo/isis-wg

v2.23.0 | Report a Bug | By Email