
RE: [Cfrg] Re: [saag] Bad day at the hash function factory



At 03:03 PM 8/26/2004 -0700, Scott Fluhrer wrote:
At 12:22 PM 8/26/2004, Hallam-Baker, Phillip wrote:


RC4 has related key weaknesses that make it a poor choice of
cipher. Shamir's attack was a cryptanalytic one.

Actually, how WEP used it caused other significant weaknesses, even beyond what we found:
- Only 2^24 distinct keystreams. This means that after (at best) 16 million packets, you're reusing keystreams, even if RC4 had no related key weakness.
- No real packet authentication. With WEP, this means that if he collects an encrypted packet and guesses its contents, he can then spoof *any* packet (possibly limited to packets of the same length).

I've always wanted a good, short hash for packet authentication. MD5 or SHA-1 are overkill for packets of 1518 bytes or less, that last only hundreds of milliseconds on a communications link.

Maybe this is why WEP doesn't have it.

- Alex


--

Alex Alten
alten at EscalonNetworks.com
(510)-353-1104


_______________________________________________ Cfrg mailing list Cfrg at ietf.org https://www1.ietf.org/mailman/listinfo/cfrg
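
Added example, not part of the original message: a simplified Python model of WEP-style framing (RC4 keyed with IV || secret, unkeyed CRC-32 check value) that shows the two weaknesses listed above, and how the same receiver check behaves when the check value is keyed. The key, IV, packet contents and the truncated HMAC-SHA-256 used for the keyed variant are constructed assumptions.

```python
import hashlib, hmac, zlib

KEY = bytes.fromhex("0102030405")   # constructed 40-bit shared secret
MAC_KEY = b"constructed MAC key"    # constructed; used only by the keyed variant

def rc4(key, n):
    """Standard RC4: key schedule, then n keystream bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))   # stops at the shorter input

def crc_icv(msg):   # WEP-style check value: no key involved
    return zlib.crc32(msg).to_bytes(4, "little")

def mac_icv(msg):   # keyed alternative (assumption): HMAC-SHA-256 cut to 8 bytes
    return hmac.new(MAC_KEY, msg, hashlib.sha256).digest()[:8]

def seal(iv, msg, icv):
    """3-byte IV in clear, then RC4(IV || KEY) over msg || icv(msg)."""
    body = msg + icv(msg)
    return iv + xor(body, rc4(iv + KEY, len(body)))

def accept(pkt, icv):
    """Receiver: decrypt, verify the check value, return msg or None."""
    iv, body = pkt[:3], pkt[3:]
    plain = xor(body, rc4(iv + KEY, len(body)))
    n = len(icv(b""))
    msg, tag = plain[:-n], plain[-n:]
    return msg if hmac.compare_digest(tag, icv(msg)) else None

def rebuild_without_key(captured, known_msg, new_msg):
    """Uses only the captured packet and its guessed contents, never KEY."""
    iv, body = captured[:3], captured[3:]
    keystream = xor(body, known_msg + crc_icv(known_msg))
    return iv + xor(new_msg + crc_icv(new_msg), keystream)

def demo():
    iv, a, b = b"\x00\x00\x01", b"constructed packet A", b"constructed packet B"
    reused = xor(seal(iv, a, crc_icv)[3:], seal(iv, b, crc_icv)[3:])[:len(a)] == xor(a, b)
    wep = accept(rebuild_without_key(seal(iv, a, crc_icv), a, b), crc_icv)
    keyed = accept(rebuild_without_key(seal(iv, a, mac_icv), a, b), mac_icv)
    return reused, wep, keyed
```

`demo()` returns three results: whether two packets under one IV leak the XOR of their plaintexts, what the CRC-checking receiver accepts for a packet built without the key, and what the keyed receiver accepts for the same attempt.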