
To: Allan Latham <alatham,AT,flexsys-group,DOT,com>
Subject: Re: Simple steps to improve CIPE security
From: "Eric M. Hopper" <hopper,AT,omnifarious,DOT,org>
Date: Tue, 30 Sep 2003 08:00:50 -0500
Cc: cipe-l,AT,inka,DOT,de
In-reply-to: <200309301427.06164.alatham@flexsys-group.com>
Organization: Omnifarious Software
References: <E1A2bsS-00033q-00@bigred.inka.de> <200309301427.06164.alatham@flexsys-group.com>

On Tue, 2003-09-30 at 07:27, Allan Latham wrote:
> Hi all
> In my opinion the following can be implemented with little change to CIPE.
> The changes involved should be clearly auditable and should carry little
> risk of introducing bugs.
> 1. Choice of checksum (via options). There is an open source version of
> MD5 which is old enough to be accepted. Some may complain about MD5, or
> about not having a signed checksum. In the light of the possible attack we
> are trying to defend against, MD5 is perfectly adequate, requires low
> computational effort and no extra key material.

Not using a keyed hash is a departure from protocol design orthodoxy
that bothers me.  I agree that it seems like it would protect against
message modification attacks much better than CRC does.  I would prefer
the use of the hash127 thing that someone mentioned.  It looks faster
than MD5 even, and it's keyed.  It uses floating point arithmetic
though, so it would be much slower on 386s.
Your other suggestions sound good, though I think 4 is slight overkill,
and that if you do it, using some sort of static padding value instead
of random numbers is probably fine.

Have fun (if at all possible),
There's an excellent C/C++/Python/Unix/Linux programmer with a wide
range of other experience and system admin skills who needs work.
Namely, me. http://www.omnifarious.org/~hopper/resume.html
-- Eric Hopper <hopper,AT,omnifarious,DOT,org>
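To make the distinction Eric draws concrete (an unkeyed checksum versus a keyed hash), here is an added Python example that is not part of this thread or of CIPE's code. It uses HMAC-MD5 as a stand-in for hash127 (which is not in the standard library), a constructed key, and a simple payload-plus-trailer framing that is an assumption, not CIPE's packet format.

```python
import hashlib
import hmac

# Constructed 16-byte key shared by the two tunnel endpoints (assumption, not CIPE key material).
KEY = bytes(range(16))
DIGEST_LEN = 16  # MD5 and HMAC-MD5 both produce 16 bytes


def frame_unkeyed(payload: bytes) -> bytes:
    """Append a plain MD5 digest: the unkeyed checksum suggested in the quoted mail."""
    return payload + hashlib.md5(payload).digest()


def verify_unkeyed(frame: bytes) -> bool:
    """Accept any frame whose trailer equals MD5 of its own payload."""
    payload, tag = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
    return hmac.compare_digest(tag, hashlib.md5(payload).digest())


def frame_keyed(payload: bytes, key: bytes) -> bytes:
    """Append HMAC-MD5: a keyed hash, standing in for hash127."""
    return payload + hmac.new(key, payload, hashlib.md5).digest()


def verify_keyed(frame: bytes, key: bytes) -> bool:
    """Accept only a trailer computed with the shared key."""
    payload, tag = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
    return hmac.compare_digest(tag, hmac.new(key, payload, hashlib.md5).digest())


def rewrite_in_transit(new_payload: bytes) -> bytes:
    """Model a party on the path that can rewrite the packet but holds no key:
    all it can do is recompute an unkeyed digest over the content it wrote."""
    return frame_unkeyed(new_payload)


def demo() -> dict:
    """Compare what each scheme does with a packet rewritten on the path."""
    original = b"IP payload: route update"   # constructed sample
    altered = b"IP payload: route REMOVE"    # same length, different content
    results = {}
    # Unkeyed: the rewritten frame verifies, so the checksum catches noise, not a rewrite.
    results["unkeyed_rewrite_accepted"] = verify_unkeyed(rewrite_in_transit(altered))
    # Keyed: the same rewrite is rejected, since the trailer was not made with KEY.
    results["keyed_rewrite_accepted"] = verify_keyed(rewrite_in_transit(altered), KEY)
    # A keyed frame from the real peer still verifies.
    results["keyed_genuine_accepted"] = verify_keyed(frame_keyed(original, KEY), KEY)
    return results
```

The example says nothing about where CIPE places the checksum relative to its encryption; it only shows why integrity protection is conventionally tied to a key.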
