| To: | "CIPE-list" <cipe-l,AT,inka,DOT,de> |
| Subject: | CRC-32 and CipeX |
| From: | "Hans Steegers" <hsx,AT,dds,DOT,nl> |
| Date: | Sat, 27 Sep 2003 12:44:49 +0200 |
| Reply-to: | "Hans Steegers" <steegers,AT,steegers,DOT,nl> |
Since the CRC-32 checksum is **possibly** a weakness that is **relatively** easy to fix, I _intend_ to implement the following changes in my CipeX patch: *1* I will use the two remaining unused bits in the P-byte to specify which checksum algoritm to use: 00: CRC-32 as in the current version 01: Another 32 bits checksum, improved algoritm (to be decided) 10: 64 bits checksum algoritm (to be decided). 11: 128 bits checksum algoritm (to be decided: MD5?). * The checksum algoritm to use can be specified in the options file. * I am looking for existing reliable checksum routines usable in kernel space, so I don't have to re-invent wheels. (any input is welcome) Note that libraries cannot be used in kernel space. * It will increase the code size (3 additional cksm routines), but it allows the user to decide the level of security against speed, and maintains compatibility with the previous version. *2* Another intended change is to decrease the life-time of the dynamic key, or to make it configurable (any input is welcome). This will address the most important issues with a minimum effort. A complete overhaul of the packet format etc. is not urgent and should be combined with a new implementation using kernel services in the new 2.6 kernel, as outlined in a previous posting. **IMPORTANT NOTE** This patch will NOT become available for COMMERCIAL use until my work if FULLY paid by those greedy selfish sharks making a lot of money from other peoples work, without giving anything back to the community, but FUD. Have fun, __________________________________________________ Hans Steegers