IGE mode is broken (Re: IGE mode in OpenSSL)
Ben Laurie
ben at algroup.co.uk
Wed Sep 13 11:32:47 EDT 2006
Kuehn, Ulrich wrote:
>
>
>> From: Ben Laurie [mailto:ben at algroup.co.uk]
>>> Do I understand correctly? You do want that nobody is able to
>>> authenticate a message, however, it shall not be intelligible if
>>> manipulated with?
>> Correct. Minx (which is the only place I use IGE) avoids
>> traffic marking attacks in two ways:
>>
>> a) all messages are "correct"
>>
>> b) any attempt to mark a message results in its complete corruption
>>
>> See the Minx paper, http://www.apache-ssl.org/minx.pdf.
>>
> Looks interesting! Have you looked at Ron Rivest's Chaffing and Winnowing?
Yes. Not sure why its relevant?
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list