<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: Hans Steegers <steegers,AT,steegers,DOT,nl>
Subject: Re: Simple steps to improve CIPE security
From: Sandino Araico Sanchez <sandino,AT,sandino,DOT,net>
Date: Tue, 07 Oct 2003 20:38:23 -0500
Cc: Allan Latham <alatham,AT,flexsys-group,DOT,com>, CIPE-list <cipe-l,AT,inka,DOT,de>
In-reply-to: <000401c387eb$9234bd20$d620a8c0@pcw_hans.hnsasd.priv>
References: <000401c387eb$9234bd20$d620a8c0@pcw_hans.hnsasd.priv>

Hans Steegers wrote:

Hi Allan,



2. Disable static key for data exchange (via options).


Probably not difficult to implement.



3. Do not identify static key use in the IV (via options). This will


involve


an extra decrytion step is the dynamic key decrypt fails.


Looks like more difficult to implement. Trial and error decryption is
costly.

It's not that costly if we assume static keys are not being used for data transfer so we just have two choices to guess from: static key or the current dynamic key.
In the wost case it's twice as costly because dynamic key decryption needs to fail before trying static key decryption. And there's no overhead on processing data traffic..


I have to investigate, but at the moment I haven't got the time for it.




-- Sandino Araico Sánchez -- Lo que no mata engorda.


<< | Thread Index | >> ]    [ << | Date Index | >> ]