IGE mode is broken (Re: IGE mode in OpenSSL)

Ben Laurie ben at algroup.co.uk
Wed Sep 13 11:32:47 EDT 2006


Kuehn, Ulrich wrote:
>  
> 
>> From: Ben Laurie [mailto:ben at algroup.co.uk] 
>>> Do I understand correctly? You do want that nobody is able to 
>>> authenticate a message, however, it shall not be intelligible if 
>>> manipulated with?
>> Correct. Minx (which is the only place I use IGE) avoids 
>> traffic marking attacks in two ways:
>>
>> a) all messages are "correct"
>>
>> b) any attempt to mark a message results in its complete corruption
>>
>> See the Minx paper, http://www.apache-ssl.org/minx.pdf.
>>
> Looks interesting! Have you looked at Ron Rivest's Chaffing and Winnowing? 

Yes. Not sure why its relevant?

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list