[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CERT statement

To: "Perry E. Metzger" <[email protected]>
Subject: Re: CERT statement
From: Thomas Grant Edwards <[email protected]>
Date: Fri, 27 Jan 1995 14:09:17 -0500 (EST)
Cc: [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

On Fri, 27 Jan 1995, Perry E. Metzger wrote:

> If things are merely encrypted, an attacker can garble them without
> being caught -- I can "decrypt" random numbers into other random
> numbers if I want.  Think of an attacker trying to sabotage the
> transfer of a binary file and you'll see why you need authentication.

You certainly need some kind of encrypted secure checksum (MAC) to ensure 
message integrity.  I don't think you have to go through the 
entire authentication of the principal.  (Though as V. Gligor keeps 
showing, even if you have a MAC at the end of your data, there are still 
some kinds of integrity attacks which are possible if you are not careful 
about how MACs and encryption is used).

Now if you are talking about simple denial-of-service (detected tampering
or traffic flooding), that is another more difficult story. 

-Thomas

Follow-Ups:
- Re: CERT statement
  - From: "Perry E. Metzger" <[email protected]>

References:
- Re: CERT statement
  - From: "Perry E. Metzger" <[email protected]>

Prev by Date: Re: CERT statement
Next by Date: Re: CERT statement
Prev by thread: Re: CERT statement
Next by thread: Re: CERT statement
Index(es):
- Date
- Thread