[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security fixes (KDF, MDC->MAC)?

To: ietf-openpgp@xxxxxxx
Subject: Re: security fixes (KDF, MDC->MAC)?
From: disastry@xxxxxxxxxx
Date: Fri, 27 Sep 2002 10:05:51 +0200
Delivery-date: Fri, 27 Sep 2002 10:56:52 +0200
Envelope-to: ietf-openpgp@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

> Hello OpenPGP,
> 
> Is there interest in fixing the security flaws discussed in the recent
> "security analysis" thread? -
> 
> (1) the Integrity Protected Data and MDC Packets fail to stop Schneier et
> al's attack, because the ciphertext blocks can be pasted into a
> non-integrity protected packet (ie ciphertext from a tag 18 packet can be
> placed in a tag 9 packet, evading the MDC).

5.13.
[...]    Unlike the Symmetrically Encrypted Data Packet, no
   special CFB resynchronization is done after encrypting this prefix
   data.

doesn't this prevent converting packet 18 to 9 ?

__
Disastry  http://disastry.dhs.org/
http://disastry.dhs.org/pgp
 ^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPZP1EjBaTVEuJQxkEQOATQCgyqK8s+ckQ9Rdvv0gcMf7yro4TacAnjhj
iKE3L05dk1Crh2gv2pEMGkUL
=ZK80
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: security fixes (KDF, MDC->MAC)?
  - From: Werner Koch

Prev by Date: security fixes (KDF, MDC->MAC)?
Next by Date: ASN.1 OID for TIGER/192
Previous by thread: security fixes (KDF, MDC->MAC)?
Next by thread: Re: security fixes (KDF, MDC->MAC)?
Index(es):
- Date
- Thread