More info in my AES128-CBC question
Travis H.
travis+ml-cryptography at subspacefield.org
Wed May 9 19:12:23 EDT 2007
On Wed, May 09, 2007 at 06:11:03PM -0400, Leichter, Jerry wrote:
> Just being able to generate traffic over the link isn't enough to
> carry out this attack.
Well, it depends on if you key per-flow or just once for the link. If
the latter, and you have the ability to create traffic over the link,
and there's a 1-for-1 correspondence between plaintext and encrypted
packets, then you have a problem.
Scenarios include:
Private wifi network, you are sending packets at a customer from
unprivileged node on internet; you want known plaintext for the key
used to secure the wifi traffic, or you want the contents of his
connection.
Target is VPN'ed into corporate headquarters, you are sending packets
at them (or you send them email, they download it from their mail server)
--
Kill dash nine, and its no more CPU time, kill dash nine, and that
process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email john at subspacefield.org.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20070509/b33d2664/attachment.pgp>
More information about the cryptography
mailing list