
To: 'CIPE-list' <cipe-l,AT,inka,DOT,de>
Subject: RE: Data integrity check in CIPE - Please explain me the necessity or benefit of a larger checksum.
From: "Eric M. Hopper" <hopper,AT,omnifarious,DOT,org>
Date: Mon, 29 Sep 2003 11:35:58 -0500
In-reply-to: <000001c38681$f01447f0$d100010a@lyta>
Organization: Omnifarious Software
References: <000001c38681$f01447f0$d100010a@lyta>

On Mon, 2003-09-29 at 07:05, Mark Smith wrote:
> > * Existing packets: possible within the lifetime of the dynamic key (15
> > minutes IIRC, so 7 min. on average) It will be seen as duplicated packets
> > within the tunnel traffic.
> 
> If this were part of a complete sequence, replaying it a few seconds later
> could be catastrophic.  Even if it were TCP, a new connection faked
> correctly could cause, for example, a database transaction to be repeated,
> or worse.  Replay is an issue - not just duplicate packets sent at the same
> time.  Coupled with the checksum issue, as one of those packets may even
> have been modified, and you're looking at a vulnerability that can be used
> by someone capable of sniffing and introducing their own packets into the
> stream.

Part of the TCP handshake is a sequence number negotiation.  The
sequence doubles as a cookie that prevents replayed spoofed
connections.  Some TCP implementations have very predictable sequence
numbers that they use, so this cannot be relied upon.

> Could the payload be altered to include such a CRC, and compare both the new
> and existing checksums to determine if the packet has been altered?

This wouldn't help a lot.  As I've pointed out before, making changes to
a known plaintext is easy for an attacker.  The CRC represents a known
plaintext.  While the modification of the CRC, or any other part of the
message causes another part to become gibberish, it's hard to quantify
how much harder this makes things for an attacker.

Have fun (if at all possible),
--
There's an excellent C/C++/Python/Unix/Linux programmer with a wide
range of other experience and system admin skills who needs work.
Namely, me. http://www.omnifarious.org/~hopper/resume.html
-- Eric Hopper <hopper,AT,omnifarious,DOT,org>
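The point Eric makes above, that an encrypted CRC is just another known plaintext, follows from CRC-32 being affine over XOR: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(0...0). The following is an added example, not code from the thread or from CIPE; it uses a toy SHA-256 counter-mode keystream as a stand-in for the tunnel cipher (an assumption, chosen only to expose the XOR structure) and compares two integrity designs on the same message: a CRC appended before encryption, and an HMAC-SHA256 appended before encryption. Key names, messages and the bit-flip delta are constructed.

```python
import hashlib
import hmac
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, n: int) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode). Assumption: it stands in
    # for the tunnel cipher only to show the XOR structure; it is not CIPE's cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def subkeys(key: bytes):
    # Separate keys for encryption and MAC, derived from one constructed master key.
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()


def crc32_is_affine(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine over XOR: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros).
    This is why a CRC under a stream cipher is a predictable, adjustable plaintext."""
    zeros = bytes(len(a))
    return zlib.crc32(xor_bytes(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)


def seal_crc(key: bytes, msg: bytes) -> bytes:
    """The design the thread asks about: encrypt msg || CRC32(msg)."""
    enc, _ = subkeys(key)
    body = msg + zlib.crc32(msg).to_bytes(4, "big")
    return xor_bytes(body, keystream(enc, len(body)))


def open_crc(key: bytes, ct: bytes):
    enc, _ = subkeys(key)
    body = xor_bytes(ct, keystream(enc, len(ct)))
    msg, tag = body[:-4], body[-4:]
    return msg, zlib.crc32(msg).to_bytes(4, "big") == tag


def seal_mac(key: bytes, msg: bytes) -> bytes:
    """The alternative: encrypt msg || HMAC-SHA256(mac_key, msg)."""
    enc, mac = subkeys(key)
    body = msg + hmac.new(mac, msg, hashlib.sha256).digest()
    return xor_bytes(body, keystream(enc, len(body)))


def open_mac(key: bytes, ct: bytes):
    enc, mac = subkeys(key)
    body = xor_bytes(ct, keystream(enc, len(ct)))
    msg, tag = body[:-32], body[-32:]
    expected = hmac.new(mac, msg, hashlib.sha256).digest()
    return msg, hmac.compare_digest(tag, expected)


def flip_bits_in_transit(ct: bytes, delta: bytes, crc_tagged: bool) -> bytes:
    """Model the in-flight modification Eric describes, with no key knowledge:
    XOR `delta` into the message bytes. For the CRC design, the 4-byte tag is
    adjusted by the affine term crc(delta) ^ crc(zeros); a MAC has no such term."""
    tag_len = 4 if crc_tagged else 32
    n = len(ct) - tag_len
    delta = delta.ljust(n, b"\x00")
    if crc_tagged:
        tag_delta = (zlib.crc32(delta) ^ zlib.crc32(bytes(n))).to_bytes(4, "big")
    else:
        tag_delta = bytes(tag_len)
    return xor_bytes(ct, delta + tag_delta)


def compare_integrity_checks(key: bytes, msg: bytes, delta: bytes) -> dict:
    """Run the same bit-flip against both designs and report whether each
    receiver-side check still passes. The defender's takeaway is in which one fails."""
    crc_msg, crc_ok = open_crc(key, flip_bits_in_transit(seal_crc(key, msg), delta, True))
    mac_msg, mac_ok = open_mac(key, flip_bits_in_transit(seal_mac(key, msg), delta, False))
    return {"crc_msg": crc_msg, "crc_passes": crc_ok, "mac_msg": mac_msg, "mac_passes": mac_ok}


if __name__ == "__main__":
    key = b"constructed-test-key"               # constructed
    msg = b"transfer 0010 units"                # constructed
    delta = bytes(9) + bytes([0, 1, 1, 0]) + bytes(6)  # turns "0010" into "0100"
    print(compare_integrity_checks(key, msg, delta))
```

The CRC check passes on the altered packet because the tag is a linear function of the plaintext that the sender encrypted with the same keystream; the HMAC check fails because its tag cannot be adjusted without the MAC key. The decrypted message is the same in both runs, which is the point: the cipher alone gives confidentiality, and only a keyed tag gives integrity.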


