[42866] in cryptography@c2.net mail archive
Re: IGE mode is broken (Re: IGE mode in OpenSSL)
daemon@ATHENA.MIT.EDU (Ben Laurie)
Wed Sep 13 15:29:06 2006
X-Original-To: cryptography@metzdowd.com
Date: Wed, 13 Sep 2006 12:15:18 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: "Kuehn, Ulrich" <Ulrich.Kuehn@telekom.de>
Cc: cryptography@metzdowd.com
In-Reply-To: <490A625B3DFD8A45B4A7F1ABA8DEA8B401C30A3C@S4DE9JSAAMU.ost.t-com.de>
Kuehn, Ulrich wrote:
>
>
>> -----Original Message----- From: Ben Laurie
>> [mailto:ben@algroup.co.uk] Sent: Samstag, 9. September 2006 22:39
>> To: Adam Back Cc: Travis H.; Cryptography; Anton Stiglic Subject:
>> Re: IGE mode is broken (Re: IGE mode in OpenSSL)
>>
> [...]
>> In any case, I am not actually interested in IGE itself, rather in
>> biIGE (i.e. IGE applied twice, once in each direction), and I don't
>> care about authentication, I care about error propagation -
>> specifically, I want errors to propagate throughout the plaintext.
>>
>> In fact, I suppose I do care about authentication, but in the
>> negative sense - I want it to not be possible to authenticate the
>> message.
>>
>
> Do I understand correctly? You do want that nobody is able to
> authenticate a message, however, it shall not be intelligible if
> manipulated with?
Correct. Minx (which is the only place I use IGE) avoids traffic marking
attacks in two ways:
a) all messages are "correct"
b) any attempt to mark a message results in its complete corruption
See the Minx paper, http://www.apache-ssl.org/minx.pdf.
> Or do you want that the authentication test fails if the message has
> been tampered with?
No.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
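
The error-propagation property discussed in the message above, as an added example that is not part of the original post and is not OpenSSL's or Minx's code: plain IGE corrupts only the blocks from the tampered one onward, while IGE applied once in each direction corrupts every plaintext block. Assumptions: a toy SHA-256 Feistel cipher stands in for AES, one key is used for both passes, and the key, IVs, plaintext and all function names are constructed for illustration.

```python
import hashlib

BLOCK = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Feistel round function built from SHA-256 (toy stand-in, not AES).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def toy_encrypt(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def toy_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def ige(key, blocks, iv, decrypt=False):
    # Encrypt: c_i = E(p_i ^ c_{i-1}) ^ p_{i-1}, with iv = (c_0, p_0).
    # Decrypt: p_i = D(c_i ^ p_{i-1}) ^ c_{i-1}.
    cipher = toy_decrypt if decrypt else toy_encrypt
    prev_out, prev_in = iv[::-1] if decrypt else iv
    out = []
    for b in blocks:
        o = _xor(cipher(key, _xor(b, prev_out)), prev_in)
        out.append(o)
        prev_in, prev_out = b, o
    return out

def bi_ige(key, blocks, iv1, iv2, decrypt=False):
    # Forward IGE pass, then a second IGE pass over the blocks in reverse order.
    if decrypt:
        mid = ige(key, blocks[::-1], iv2, decrypt=True)
        return ige(key, mid[::-1], iv1, decrypt=True)
    return ige(key, ige(key, blocks, iv1)[::-1], iv2)[::-1]

def damaged(decrypt_fn, ciphertext, plaintext, flip):
    # Flip one bit in ciphertext block `flip`; return indices of damaged plaintext blocks.
    bad = list(ciphertext)
    bad[flip] = _xor(bad[flip], b"\x01" + bytes(BLOCK - 1))
    return [i for i, (p, q) in enumerate(zip(plaintext, decrypt_fn(bad))) if p != q]

# Constructed sample data.
KEY = b"constructed-key!"
IV1, IV2 = (bytes([1]) * BLOCK, bytes([2]) * BLOCK), (bytes([3]) * BLOCK, bytes([4]) * BLOCK)
PT = [bytes([65 + i]) * BLOCK for i in range(6)]
```

Calling `damaged` with an IGE decryptor and then a biIGE decryptor on the same tampered block index shows the difference: the first leaves the earlier blocks readable, the second leaves none.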