Columbia crypto box
Steven M. Bellovin
smb at research.att.com
Mon Feb 10 15:51:50 EST 2003
In message <Pine.LNX.4.40.0302101144420.13432-100000 at bolt.sonic.net>, bear writes:
>
>>It's one of those things, like re-using a pad.
>
>Actually, it is re-using a pad, exactly. It's just a pseudorandom
>pad (stream cipher) instead of a one-time pad.
>
>And while WEP had problems, it didn't have that particular problem.
>New messages with the "same" key would use a later chunk of the
>cipherstream pad under WEP.
That's not correct. Each packet is encrypted with a key consisting of
<basekey,IV>, where "IV" is a 24-bit counter. It does not use a later
part of the stream; each packet starts from the beginning.
Note that with a 24-bit key, plus the difficulty of changing the key,
there *will* be reuse. It's compounded because (a) everyone has the
same key, so there's lots of traffic; (b) both directions use the same
key; and (c) some units, when power-cycled, always start the IV at 0,
making collisions in that space more likely.
Read the Borisov et al. paper for more details on all of these points
and more.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
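Added example, not part of Bellovin's post or the quoted reply: a small Python model of WEP's per-packet keying, to show concretely what "each packet starts from the beginning" means and why a repeated <basekey,IV> pair is a two-time pad. The RC4 routine is the standard algorithm; the 3-byte big-endian IV layout, the 40-bit base key and the packet contents are my own assumptions and constructed data. The last two functions go a little beyond the post: one gives the birthday bound for a 24-bit IV space, the other counts how fast IVs collide when several units all restart their counter at 0 (point (c) above).

```python
# Added example: toy WEP-style per-packet keying (RC4 over IV || base key).
# Not code from the post. IV byte order, key length and packets are assumptions.
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS


def rc4_keystream(key, length):
    """Standard RC4 (KSA + PRGA); returns the first `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(base_key, iv, plaintext):
    """Encrypt one packet the way the post describes: the per-packet key is
    <IV, base key>, and the keystream restarts at byte 0 for every packet.
    The IV is sent in the clear alongside the ciphertext.
    (A 3-byte big-endian IV is an assumption made for this toy.)"""
    iv_bytes = iv.to_bytes(3, "big")
    ks = rc4_keystream(iv_bytes + base_key, len(plaintext))
    return iv_bytes, xor_bytes(plaintext, ks)


def ciphertext_xor_equals_plaintext_xor(base_key, iv, p1, p2):
    """Same <base key, IV> twice => same keystream, so C1 ^ C2 == P1 ^ P2
    and the key drops out entirely (the re-used pad problem)."""
    _, c1 = wep_encrypt(base_key, iv, p1)
    _, c2 = wep_encrypt(base_key, iv, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def recover_via_known_plaintext(base_key, iv, known, secret):
    """If one packet's plaintext under an IV is known (e.g. a predictable
    header), C1 ^ P1 yields the keystream prefix for that IV, which then
    decrypts any other packet sent under the same IV, in either direction."""
    _, c1 = wep_encrypt(base_key, iv, known)
    _, c2 = wep_encrypt(base_key, iv, secret)
    keystream = xor_bytes(c1, known)
    return xor_bytes(c2, keystream)


def iv_collision_probability(n_packets, space=IV_SPACE):
    """Birthday bound: probability that n randomly chosen 24-bit IVs contain
    a repeat, using the 1 - exp(-n(n-1)/2N) approximation."""
    return 1.0 - math.exp(-n_packets * (n_packets - 1) / (2.0 * space))


def counter_iv_collisions(packets_per_station, n_stations):
    """Units that restart the IV counter at 0 after a power cycle all walk
    through the same IV values, so collisions do not wait for the birthday
    bound. Returns the number of packet pairs sharing an IV (and keystream)."""
    seen = {}
    for station in range(n_stations):
        for iv in range(packets_per_station):  # every unit starts at 0
            seen.setdefault(iv, []).append(station)
    return sum(len(s) * (len(s) - 1) // 2 for s in seen.values())


if __name__ == "__main__":
    base = bytes.fromhex("0102030405")  # constructed 40-bit base key
    known, secret = b"hello, world!!!!", b"attack at dawn!!"  # constructed packets
    print(ciphertext_xor_equals_plaintext_xor(base, 7, known, secret))
    print(recover_via_known_plaintext(base, 7, known, secret))
    print(round(iv_collision_probability(4823), 3))
    print(counter_iv_collisions(100, 2))
```

Note that the birthday bound already gives even odds of a repeated IV after only about 4800 packets if IVs were chosen at random; a counter exhausts the space after 2^24 packets, and several units counting up from 0 collide on every packet from the first one onward.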
---------------------------------------------------------------------
The Cryptography Mailing List