CRC-32 and CipeX|
"Hans Steegers" <hsx,AT,dds,DOT,nl>|
Sat, 27 Sep 2003 12:44:49 +0200|
"Hans Steegers" <steegers,AT,steegers,DOT,nl>|
Since the CRC-32 checksum is **possibly** a weakness that is **relatively**
easy to fix, I _intend_ to implement the following changes in my CipeX
*1* I will use the two remaining unused bits in the P-byte to specify which
checksum algoritm to use:
00: CRC-32 as in the current version
01: Another 32 bits checksum, improved algoritm (to be decided)
10: 64 bits checksum algoritm (to be decided).
11: 128 bits checksum algoritm (to be decided: MD5?).
* The checksum algoritm to use can be specified in the options file.
* I am looking for existing reliable checksum routines usable in kernel
space, so I don't have to re-invent wheels. (any input is welcome) Note that
libraries cannot be used in kernel space.
* It will increase the code size (3 additional cksm routines), but it allows
the user to decide the level of security against speed, and maintains
compatibility with the previous version.
*2* Another intended change is to decrease the life-time of the dynamic key,
or to make it configurable (any input is welcome).
This will address the most important issues with a minimum effort.
A complete overhaul of the packet format etc. is not urgent and should be
combined with a new implementation using kernel services in the new 2.6
kernel, as outlined in a previous posting.
This patch will NOT become available for COMMERCIAL use until my work if
FULLY paid by those greedy selfish sharks making a lot of money from other
peoples work, without giving anything back to the community, but FUD.