IETF-SSH archive


Even more ways to fix the cbc-mode attack



Since TLS has the same CBC attack problem, I attended that WG...

Eric Rescorla mentioned a few ideas which had been kicked around on
TLS for fixing the problem.

In addition to the ones that have been mentioned already either on the
list or in Monday's meeting, there are:

	- stream-like modes (CTR, OFB)
	- explicit IV

Eric also mentioned two other ideas which allow the continued use of
CBC mode:

 - use an implicit pseudorandom IV (i.e., both sides run counter mode
or what have you with a different key just to generate the IV)

 - move the MAC to the start of the packet and (somehow) use that as
the IV.

There didn't seem to be consensus in that group on the right answer,
either...

						- Bill
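The attack under discussion, and two of the CBC-preserving fixes listed above (explicit per-packet IV, implicit pseudorandom IV from a separate key), worked through as an added example; this is not code from the original message or from any SSH implementation. Assumptions: the attacker can watch the wire and inject a chosen plaintext block into the victim's encrypted stream; the 16-byte block cipher is a constructed HMAC-SHA256 Feistel stand-in for AES so the example runs offline (any real block cipher behaves the same for this attack); keys, packet contents and the "password" block are constructed.

```python
"""Chosen-plaintext guess verification against chained-IV CBC (SSH2 as
specified), and two CBC-preserving fixes: explicit random IV per packet
and implicit IV = E_{k_iv}(counter) under a separate key.

Added example, not code from the original message or from any SSH
implementation. The block cipher is a constructed 4-round Feistel PRP
built from HMAC-SHA256 so the example runs without third-party libraries."""
import hashlib
import hmac
import os

BLOCK = 16

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, r: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in cipher. A Feistel network is a permutation, so
    'equal ciphertext iff equal input', which the attack relies on, holds."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, _xor(left, _round(key, r, right))
    return left + right

def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = _xor(right, _round(key, r, left)), left
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(plaintext) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

class ChainedCbc:
    """SSH2 as specified: packet n+1 is encrypted with the last ciphertext
    block of packet n as IV, so the attacker knows the next IV in advance."""
    def __init__(self, key: bytes, iv: bytes):
        self.key, self.iv = key, iv
    def send(self, plaintext: bytes) -> bytes:
        ct = cbc_encrypt(self.key, self.iv, plaintext)
        self.iv = ct[-BLOCK:]
        return ct

class ExplicitIvCbc:
    """Fix: fresh random IV per packet, sent in the clear ahead of the
    ciphertext; the attacker only sees it after committing to a plaintext."""
    def __init__(self, key: bytes):
        self.key = key
    def send(self, plaintext: bytes) -> bytes:
        iv = os.urandom(BLOCK)
        return iv + cbc_encrypt(self.key, iv, plaintext)

class ImplicitIvCbc:
    """Fix: IV_n = E_{k_iv}(n), i.e. counter mode under a separate key,
    computed by both ends and never put on the wire."""
    def __init__(self, key: bytes, iv_key: bytes):
        self.key, self.iv_key, self.n = key, iv_key, 0
    def send(self, plaintext: bytes) -> bytes:
        iv = block_encrypt(self.iv_key, self.n.to_bytes(BLOCK, "big"))
        self.n += 1
        return cbc_encrypt(self.key, iv, plaintext)

def run_attack(sender) -> tuple:
    """Victim sends a packet whose second block is a secret. The attacker
    tests a guess G by injecting G ^ C_prev ^ IV_next: the resulting block
    equals C_target iff G == secret. The attacker assumes IV_next is the
    last block seen on the wire (true for ChainedCbc, a blind guess for the
    fixes). Returns (correct guess confirmed?, wrong guess confirmed?)."""
    secret = b"password:hunter2"                       # constructed
    wire = sender.send(b"SSH_MSG_USERAUTH" + secret)   # constructed victim packet
    prev, target = wire[-2 * BLOCK:-BLOCK], wire[-BLOCK:]
    results = []
    for guess in (secret, b"password:letmein"):
        predicted_iv = wire[-BLOCK:]
        wire = sender.send(_xor(_xor(guess, prev), predicted_iv))
        results.append(wire[-BLOCK:] == target)
    return tuple(results)

if __name__ == "__main__":
    key, iv_key = os.urandom(BLOCK), os.urandom(BLOCK)
    print("chained :", run_attack(ChainedCbc(key, os.urandom(BLOCK))))  # (True, False)
    print("explicit:", run_attack(ExplicitIvCbc(key)))                   # (False, False)
    print("implicit:", run_attack(ImplicitIvCbc(key, iv_key)))           # (False, False)
```

Against the chained sender the probe confirms the correct guess and rejects the wrong one every time, which is what lets an attacker verify low-entropy blocks (passwords) one guess per injected packet. Both fixes break the attack for the same reason: the attacker must choose the plaintext before the IV is fixed, so the probe can only match by chance. Two caveats the thread's brevity hides: an explicit IV has to be unpredictable (a random value, not a counter), and the implicit scheme must derive IVs under a key independent of the data key, exactly as the message says ("with a different key"), so that IV blocks never coincide with CBC input blocks under the same permutation.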


