IETF-SSH archive
Re: Even more ways to fix the cbc-mode attack
Modern Kerberos crypto uses confounders instead of IVs.
Nico
On Wed, Mar 20, 2002 at 01:31:56PM -0500, Bill Sommerfeld wrote:
> Since TLS has the same CBC attack problem, I attended that WG...
>
> Eric Rescorla mentioned a few ideas which had been kicked around on
> TLS for fixing the problem.
>
> In addition to the ones that have been mentioned already either on the
> list or in Monday's meeting, there are:
>
> - stream-like modes (CTR, OFB)
> - explicit IV
>
> Eric also mentioned two other ideas which allow the continued use of
> CBC mode:
>
> - use an implicit pseudorandom IV (i.e., both sides run counter mode
> or what have you with a different key just to generate the IV)
>
> - move the MAC to the start of the packet and (somehow) use that as
> the IV.
>
> There didn't seem to be consensus in that group on the right answer,
> either...
>
> - Bill
>
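The chosen-plaintext problem behind this thread, and two of the fixes mentioned (an explicit per-packet IV, and the Kerberos-style confounder Nico refers to), as an added example that is not part of the original message or of any SSH implementation. It uses a small Feistel block cipher built from HMAC-SHA256 so it runs on the standard library alone; that cipher, the sender classes and the sample secret are all constructed for this example and stand in for AES and a real SSH2 transport.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    # Keyed round function over the round number and one 8-byte half.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    """Toy 16-byte, 8-round Feistel cipher (a stand-in for AES, not a real cipher)."""
    l, r = block[:8], block[8:]
    for i in range(8):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(8)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def cbc_encrypt(key, iv, plaintext):
    assert len(plaintext) % BLOCK == 0, "example expects whole blocks"
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


class ChainedIvSender:
    """SSH2-style CBC: the IV of packet n+1 is the last ciphertext block of packet n."""
    def __init__(self, key, iv):
        self.key, self.iv = key, iv

    def send(self, plaintext):
        ct = cbc_encrypt(self.key, self.iv, plaintext)
        self.iv = ct[-BLOCK:]  # the attacker sees this before choosing the next plaintext
        return ct


class ExplicitIvSender:
    """Fresh random IV per packet, sent in the clear ahead of the ciphertext."""
    def __init__(self, key):
        self.key = key

    def send(self, plaintext):
        iv = os.urandom(BLOCK)
        return iv + cbc_encrypt(self.key, iv, plaintext)


class ConfounderSender:
    """Kerberos-style: fixed IV, but a random first plaintext block (the confounder);
    its ciphertext is unpredictable and acts as the IV for the real data."""
    def __init__(self, key):
        self.key = key

    def send(self, plaintext):
        return cbc_encrypt(self.key, bytes(BLOCK), os.urandom(BLOCK) + plaintext)


def craft_probe(guess, c_prev, next_iv):
    """Attacker's chosen block. E(probe ^ next_iv) == E(guess ^ c_prev), which equals
    the observed target block exactly when guess was the victim's plaintext block."""
    return _xor(_xor(guess, c_prev), next_iv)


def probe_chained(key, secret, guess):
    """Chained IV: the attacker predicts the next IV and confirms a guess for block 0."""
    s = ChainedIvSender(key, os.urandom(BLOCK))
    iv0 = s.iv
    ct1 = s.send(secret)
    probe = craft_probe(guess, iv0, ct1[-BLOCK:])
    return s.send(probe)[:BLOCK] == ct1[:BLOCK]


def probe_explicit_iv(key, secret, guess):
    """Explicit IV: the same probe, built against the only IV the attacker can guess."""
    s = ExplicitIvSender(key)
    pkt1 = s.send(secret)
    iv1, ct1 = pkt1[:BLOCK], pkt1[BLOCK:]
    probe = craft_probe(guess, iv1, ct1[-BLOCK:])
    pkt2 = s.send(probe)
    return pkt2[BLOCK:2 * BLOCK] == ct1[:BLOCK]


def probe_confounder(key, secret, guess):
    """Confounder: ct1[0] = E(confounder) is what was XORed into secret block 0."""
    s = ConfounderSender(key)
    ct1 = s.send(secret)
    probe = craft_probe(guess, ct1[:BLOCK], ct1[-BLOCK:])
    ct2 = s.send(probe)
    return ct2[BLOCK:2 * BLOCK] == ct1[BLOCK:2 * BLOCK]


if __name__ == "__main__":
    key = os.urandom(16)
    secret = b"password=hunter2" + b"; secretstuff..."  # constructed sample, two blocks
    for name, fn in [("chained IV", probe_chained), ("explicit IV", probe_explicit_iv),
                     ("confounder", probe_confounder)]:
        print(f"{name:12s} guess confirmed: {fn(key, secret, b'password=hunter2')}")
```

The probe only works when the attacker knows the IV the victim will use for the next packet at the moment the attacker chooses the plaintext. The explicit IV and the confounder both deny that knowledge, which is why they close the attack without leaving CBC; CTR or OFB close it by removing the plaintext-dependent chaining altogether.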