
To: cipe-l,AT,inka,DOT,de
Subject: Simple steps to improve CIPE security
From: Allan Latham <alatham,AT,flexsys-group,DOT,com>
Date: Tue, 30 Sep 2003 14:27:06 +0200
In-reply-to: <E1A2bsS-00033q-00@bigred.inka.de>
References: <E1A2bsS-00033q-00@bigred.inka.de>

Hi all

In my opinion the following can be implemented with little change to CIPE.

The changes involved should be clearly auditable and should carry little risk 
of introducing bugs.

1. Choice of checksum (via options). There is an open source version of MD5 
which is old enough to be accepted. Some may complain about MD5, or about not 
having a signed checksum. In the light of the possible attack we are trying 
to defend against, MD5 is perfectly adequate, requires low computational 
effort and no extra key material.

2. Disable static key for data exchange (via options).

3. Do not identify static key use in the IV (via options). This will involve 
an extra decryption step if the dynamic key decrypt fails.

4. Choice of padding (via options). The following should be allowed:
4.0 As now.
4.1 Fixed maximum packet size (i.e. mtu)
4.2 Fixed minimum packet size (i.e. all packets shorter than this are padded 
to this length)
4.3 In combination with above - modulo 8 or 16 bytes.

As a side note I have not looked into what effect (4) will have as regards 
the demands it places on the random number generator used in CIPE. It will 
certainly require a whole lot more random bytes. On this basis we may want to 
postpone it.

Any comments?

Best regards

Allan
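
The length arithmetic behind item 4 and the random-byte side note, as an added example that is not part of the original message and is not CIPE code. The option names, the assumption that every pad byte is drawn from the random number generator, and the five payload sizes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical options mirroring items 4.1-4.3; names are not CIPE's. */
struct pad_opts {
    size_t fixed_len; /* 4.1: pad every packet to this size (0 = off) */
    size_t min_len;   /* 4.2: pad shorter packets up to this (0 = off) */
    size_t modulo;    /* 4.3: length must be a multiple of this (0 = off) */
};

/* Padded length in bytes, or 0 if the payload does not fit (fixed mode). */
size_t padded_len(size_t payload, const struct pad_opts *o)
{
    size_t n = payload;
    if (o->fixed_len) {
        /* Round the fixed size DOWN so the block multiple never exceeds it. */
        n = o->modulo ? o->fixed_len - o->fixed_len % o->modulo : o->fixed_len;
        return payload <= n ? n : 0;
    }
    if (n < o->min_len) n = o->min_len;
    if (o->modulo && n % o->modulo)
        n += o->modulo - n % o->modulo; /* round up to the next multiple */
    return n;
}

/* Pad bytes needed for a batch, assuming every pad byte comes from the RNG. */
size_t pad_bytes(const size_t *sizes, size_t count, const struct pad_opts *o)
{
    size_t total = 0;
    for (size_t i = 0; i < count; i++) {
        size_t n = padded_len(sizes[i], o);
        if (n) total += n - sizes[i]; /* skip payloads that do not fit */
    }
    return total;
}
/* Constructed sample: five payload sizes in bytes, not measured traffic. */
static const size_t SAMPLE[] = { 40, 52, 64, 576, 1400 };
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])
static const struct pad_opts MOD8      = { .modulo = 8 };
static const struct pad_opts MIN128_16 = { .min_len = 128, .modulo = 16 };
static const struct pad_opts FIXED1500 = { .fixed_len = 1500, .modulo = 8 };

int main(void)
{
    printf("modulo 8 only:        %zu\n", pad_bytes(SAMPLE, SAMPLE_N, &MOD8));
    printf("min 128, modulo 16:   %zu\n", pad_bytes(SAMPLE, SAMPLE_N, &MIN128_16));
    printf("fixed 1500, modulo 8: %zu\n", pad_bytes(SAMPLE, SAMPLE_N, &FIXED1500));
    return 0;
}
```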

