IETF Logo Mail Archive

Re: SNMPv2 security

uri@watson.ibm.com Fri, 28 January 1994 23:21 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa14908; 28 Jan 94 18:21 EST
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa14904; 28 Jan 94 18:21 EST
Received: from relay.tis.com by CNRI.Reston.VA.US id aa19161; 28 Jan 94 18:21 EST
Received: by relay.tis.com; id AA01512; Fri, 28 Jan 94 16:55:20 EST
Received: from magellan.tis.com(192.33.112.124) by relay via smap (V1.0mjr) id smaa01501; Fri Jan 28 16:54:55 1994
Received: from magellan.tis.com by magellan.TIS.COM id aa16815; 28 Jan 94 16:52 EST
Received: from sol.tis.com by magellan.TIS.COM id aa16811; 28 Jan 94 16:46 EST
Received: from relay.tis.com by tis.com (4.1/SUN-5.64) id AA01253; Fri, 28 Jan 94 16:45:48 EST
Received: by relay.tis.com; id AA01385; Fri, 28 Jan 94 16:46:17 EST
Received: from watson.ibm.com(129.34.139.4) by relay via smap (V1.0mjr) id sma001379; Fri Jan 28 16:45:43 1994
Received: from WATSON by watson.ibm.com (IBM VM SMTP V2R3) with BSMTP id 6899; Fri, 28 Jan 94 16:40:31 EST
Received: from YKTVMH by watson.vnet.ibm.com with "VAGENT.V1.0" id 2214; Fri, 28 Jan 1994 16:40:17 EST
Received: from cyst.watson.ibm.com by yktvmh.watson.ibm.com (IBM VM SMTP V2R3) with TCP; Fri, 28 Jan 94 16:40:16 EST
Received: from buoy.watson.ibm.com by cyst.watson.ibm.com (AIX 3.2/UCB 5.64/900528) id AA102875; Fri, 28 Jan 1994 16:40:31 -0500
Received: by buoy.watson.ibm.com (AIX 3.2/UCB 5.64/900524) id AA14395; Fri, 28 Jan 1994 16:40:29 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: uri@watson.ibm.com
Message-Id: <9401282140.AA14395@buoy.watson.ibm.com>
Subject: Re: SNMPv2 security
To: kasten@ftp.com
Date: Fri, 28 Jan 1994 16:40:29 -0500
Cc: romanov@nacto.lkg.dec.com, snmp@psi.com, snmpv2@magellan.tis.com
In-Reply-To: <9401281828.AA02665@tri-flow.ftp.com.ftp.com> from "Frank Kastenholz" at Jan 28, 94 01:28:39 pm
Reply-To: uri@watson.ibm.com
X-Mailer: ELM [version 2.4 PL20]
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Content-Length: 1743

Frank Kastenholz says:
> If you manage to intercept all transactions, you will have only 2
> transactions which contain any given key-value. In effect, you have
> two numbers, each of which is the exclusive or of a constant (the
> key) and a different, unknown random number.
> Just to show the point, assume that keys are 8-bits long. Let us say
> that you have intercepted the first ten key changes from a manager to
> a specific agent (e.g. the (K1 xor K0) ... (K10 xor K9) exchanges,
> above). The data that you have received are: 0xbf, 0x99, 0x25, 0xc1,
> 0x2e, 0xc7, 0x9d, 0xc4, 0x51, and 0x45. What are the keys?

Just to get back to cryptographic view of this problem...

What is the reason people change their [secret] keys?
Why not leave the same one for indefinite time?

Maybe it's because there's a desire to make sure,  that
if at any moment an adversary _somehow_ (i.e. black bag
job, cryptanalysis, bribery, torture) acquires our key,
it's "usability" will be limited,  and our traffic will
be compromised only during a lifetime of the key  [that
we lost].

Now in this XOR scheme, it doesn't matter at what point
in time I get your key -  but your traffic is open to
me from now on, both in past (pre-recorded messages)
and whatever you'll send in the future. Also, if
there's is a cryptanalytic attack on the key,
then these XORs make sure I'll be able to
exploit _all_ the traffic, rather than
just those messages, encrypted or
protected by that particular
key I'm trying to crack.

Thus - what do we save by "changing" the key in
such a funny way?  What kind of "attack" are we
twarting? Inquiring minds want to know (:-).
--
Regards,
Uri         uri@watson.ibm.com      scifi!angmar!uri 	N2RIU
-----------
<Disclamer>

v2.23.0 | Report a Bug | By Email