[E-Lang] Combining strong authentication and secrecy protocols.

Ben Laurie ben@algroup.co.uk
Tue, 20 Feb 2001 17:46:31 +0000


hal@finney.org wrote:
> 
> Ben writes:
> > The actual algorithm is to XOR all the plaintext blocks together, and
> > use that in place of the last plaintext block. The last block should
> > include a checksum. Hence, any change to the plaintext anywhere will
> > corrupt the last block and invalidate the checksum.
> 
> Just be careful with these xor based checksums that you don't try to
> use them with an xor based stream cipher like RC4!  That was one of the
> main factors in the break of the wireless protocol by a group including
> David Wagner.  The attacker can xor into the ciphertext and it will go
> through as a corresponding xor to the plaintext; he can then compensate
> by xoring the checksum and the change won't be noticed.

Yes, a good example of how naive combination of various secure
components does not necessarily result in a secure whole.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
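
The caveat discussed in this message, as an added example that is not part of the original thread: an XOR checksum under an XOR stream cipher accepts a changed message, while a keyed MAC over the ciphertext rejects it. The keys, the sample message, the 4-byte checksum width and the use of HMAC-SHA-256 as the alternative are assumptions made for the demonstration.

```python
import hashlib, hmac
from functools import reduce
BLOCK = 4  # checksum width in bytes (constructed for this demo)

def rc4(key, n):  # n bytes of RC4 keystream
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def xor_checksum(data):  # XOR of all BLOCK-byte blocks (length multiple of BLOCK)
    blocks = [data[k:k + BLOCK] for k in range(0, len(data), BLOCK)]
    return reduce(xor, blocks, bytes(BLOCK))

def seal_xor(key, msg):  # weak: linear checksum, then XOR keystream
    return xor(msg + xor_checksum(msg), rc4(key, len(msg) + BLOCK))

def open_xor(key, ct):
    body = xor(ct, rc4(key, len(ct)))
    return body[:-BLOCK] if body[-BLOCK:] == xor_checksum(body[:-BLOCK]) else None

def seal_mac(enc_key, mac_key, msg):  # encrypt, then keyed MAC over the ciphertext
    ct = xor(msg, rc4(enc_key, len(msg)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_mac(enc_key, mac_key, blob):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return xor(ct, rc4(enc_key, len(ct))) if hmac.compare_digest(tag, good) else None

# Constructed sample: a 16-byte message and a change applied in transit.
MSG = b"PAY 0100 TO BOB."
DELTA = bytes(4) + b"\x09" + bytes(11)  # turns '0' into '9' at offset 4
ENC_KEY, MAC_KEY = b"demo-enc-key", b"demo-mac-key"

def deliver_modified():  # the same keyless change applied to both formats
    weak = xor(seal_xor(ENC_KEY, MSG), DELTA + xor_checksum(DELTA))
    strong = xor(seal_mac(ENC_KEY, MAC_KEY, MSG), DELTA + bytes(32))
    return open_xor(ENC_KEY, weak), open_mac(ENC_KEY, MAC_KEY, strong)
```

`deliver_modified()` returns the altered message for the XOR-checksum format and `None` for the MAC format, because the checksum of an XOR difference can be computed without the key and the HMAC tag cannot.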