[2360] in cryptography@c2.net mail archive
RE: Rivest's Chaffing and Winnowing
daemon@ATHENA.MIT.EDU (Bill Stewart)
Wed Mar 25 10:47:38 1998
Date: Tue, 24 Mar 1998 08:50:03 -0800
To: cryptography@c2.net
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <F35EDEB7ED39D1119A61006008360A11011A8641@msnyc1.nyc.deshaw.com>
At 12:36 PM 3/23/98 -0500, "Dukhovni, Viktor" <Viktor-Dukhovni@deshaw.com> wrote:
> Since real encryption would be required to support per message key
> management, one should perturb the keyed MAC for each message sent to
> prevent this problem. Adding a non-recurring IV to the secret key may be an
> adequate solution.
It depends on the MAC you're using, and whether you apply it to
each packet (e.g. MAC(sequencenumber, bit) ) or to the stream of
data from the beginning through the current bit, or to some window
of the last N bits of data.
There are synchronization issues if you use a MAC on the entire
data stream - any lost or corrupted bit trashes the rest of the stream.
If you do a windowed system, you can resync more easily, but
there's no security from an IV, though you could do something
special like store the first N bits of the session and use
them as an IV in every window.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
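The three MAC placements the message contrasts, written out as an added example (not code from the original thread or from Rivest's paper). Each bit is sent as a (sequence number, bit, tag) packet alongside a chaff packet with the opposite bit and a random tag; the winnower keeps the packets whose tag verifies. `chaff_per_packet` is the MAC(sequencenumber, bit) case, with an optional per-message nonce standing in for Viktor's "non-recurring IV"; `chaff_chained` MACs the stream from the beginning through the current bit. `leaked_positions` is what a passive observer with no key can compute: with a fixed key and no nonce, the tag for (i, bit) recurs across messages, so equal bits at the same position show up as identical tags. The key, the 8-byte truncated HMAC-SHA256 tag, the 4-byte sequence number encoding and all sample bit strings are assumptions for the demo.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 8  # bytes of HMAC-SHA256 kept per packet (demo assumption)


def tag(key: bytes, data: bytes) -> bytes:
    """Keyed MAC used as the winnowing authenticator (truncated HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]


def _interleave(real, chaff):
    """Emit the real and chaff packet for one bit in random order."""
    pair = [real, chaff]
    secrets.SystemRandom().shuffle(pair)
    return pair


def _per_packet_input(nonce: bytes, i: int, b: int) -> bytes:
    # nonce || 4-byte big-endian sequence number || bit (demo encoding)
    return nonce + i.to_bytes(4, "big") + bytes([b])


def chaff_per_packet(key: bytes, bits, nonce: bytes = b""):
    """MAC(nonce, sequence number, bit) per packet; chaff carries a random tag.
    With nonce=b"" the tag for (i, bit) is identical in every message under
    the key, which is the recurrence Viktor's IV is meant to remove."""
    stream = []
    for i, b in enumerate(bits):
        real = (i, b, tag(key, _per_packet_input(nonce, i, b)))
        chaff = (i, 1 - b, secrets.token_bytes(TAG_LEN))
        stream.extend(_interleave(real, chaff))
    return stream


def winnow_per_packet(key: bytes, stream, nonce: bytes = b""):
    """Keep packets whose tag verifies. Reordering and loss of other packets
    do not matter: each packet names its own position."""
    out = {}
    for i, b, t in stream:
        if hmac.compare_digest(t, tag(key, _per_packet_input(nonce, i, b))):
            out[i] = b
    return out


def chaff_chained(key: bytes, bits):
    """MAC over the whole stream from the beginning through the current bit."""
    stream, history = [], b""
    for i, b in enumerate(bits):
        history += bytes([b])
        real = (i, b, tag(key, history))
        chaff = (i, 1 - b, secrets.token_bytes(TAG_LEN))
        stream.extend(_interleave(real, chaff))
    return stream


def winnow_chained(key: bytes, stream):
    """Replays the sender's history bit by bit. Once a real packet is lost or
    corrupted no candidate verifies, and nothing after it can be recovered."""
    by_index = {}
    for i, b, t in stream:
        by_index.setdefault(i, []).append((b, t))
    history, out = b"", []
    for i in range(max(by_index) + 1 if by_index else 0):
        for b, t in by_index.get(i, []):
            if hmac.compare_digest(t, tag(key, history + bytes([b]))):
                history += bytes([b])
                out.append(b)
                break
        else:
            break  # desynchronised: the rest of the stream is unusable
    return out


def leaked_positions(stream_a, stream_b):
    """Passive observer with no key: positions whose tag from message A
    reappears verbatim at the same position in message B."""
    tags_a = {(i, t) for i, _, t in stream_a}
    return sorted({i for i, _, t in stream_b if (i, t) in tags_a})


if __name__ == "__main__":
    key = bytes(range(16))  # demo key, not a real secret
    m1, m2 = [1, 0, 1, 1, 0, 0, 1, 0], [1, 1, 1, 0, 0, 1, 1, 1]  # constructed
    print("no nonce, equal bits leak at:",
          leaked_positions(chaff_per_packet(key, m1), chaff_per_packet(key, m2)))
    print("per-message nonce:",
          leaked_positions(chaff_per_packet(key, m1, b"n1"), chaff_per_packet(key, m2, b"n2")))
    lossy = [p for p in chaff_chained(key, m1) if p[0] != 3]
    print("chained MAC after losing packet 3 recovers:", winnow_chained(key, lossy))
```

Dropping every packet with sequence number 3 from the per-packet stream loses exactly one bit and leaves the rest recoverable; the same loss in the chained stream stops recovery at bit 3, which is the synchronization problem the message describes. The nonce is only useful in the per-packet case here: in the chained case each tag already depends on everything sent so far.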