Hans Steegers <steegers,AT,steegers,DOT,nl>|
Re: Simple steps to improve CIPE security|
Sandino Araico Sanchez <sandino,AT,sandino,DOT,net>|
Tue, 07 Oct 2003 20:38:23 -0500|
Allan Latham <alatham,AT,flexsys-group,DOT,com>, CIPE-list <cipe-l,AT,inka,DOT,de>|
Hans Steegers wrote:
Hi Allan,It's not that costly if we assume static keys are not being used for
data transfer so we just have two choices to guess from: static key or
the current dynamic key.
2. Disable static key for data exchange (via options).Probably not difficult to implement.
3. Do not identify static key use in the IV (via options). This willinvolve
an extra decrytion step is the dynamic key decrypt fails.
Looks like more difficult to implement. Trial and error decryption is
In the wost case it's twice as costly because dynamic key decryption
needs to fail before trying static key decryption. And there's no
overhead on processing data traffic..
I have to investigate, but at the moment I haven't got the time for it.
Sandino Araico Sánchez
-- Lo que no mata engorda.