[12506] in cryptography@c2.net mail archive
Re: Columbia crypto box
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Feb 10 23:58:39 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Paul A.S. Ward" <pasward@tolstoy.uwaterloo.ca>
Cc: Greg Rose <ggr@qualcomm.com>,
David Wagner <daw@mozart.cs.berkeley.edu>,
cryptography@wasabisystems.com
Date: Mon, 10 Feb 2003 23:03:11 -0500
In message <3E487440.5050005@tolstoy.uwaterloo.ca>, "Paul A.S. Ward" writes:
>Is it really fair to blame WEP for not using AES when AES wasn't around
>when WEP was being created?
>
Of course they couldn't have used AES. But there are other block
ciphers they could have used. They could have used key management.
They could have added a MAC. They could have used a longer "IV" field,
with a random starting point mandated by the spec. Or they could have
put a big warning on saying "this doesn't protect you from very much".
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
