IETF-SSH archive

Re: a more detailed analysis of "known IV" vulnerability.



On Thu, Mar 14, 2002 at 11:58:55AM +0100, Niels Möller wrote:
> Wei Dai <weidai%eskimo.com@localhost> writes:
> > 2. By opening 2^24 channels, the attacker can gain control over 8 more
> > bits of the plaintext for 8-byte block size, and 24 more bits for 16-byte
> > block size.
> 
> Do implementations allow that? My implementation has an arbitrary
> limit of 2^17 channels per connection. (And channel numbers are
> allocated sequentially).

The attacker does not need to keep all of the channels open. He can open
and close 2^24 channels to iterate through the channel numbers, and just
keep 2^8 channels, each with a different id mod 2^16, open for the attack.
