[468] in cryptography@c2.net mail archive
Re: How bad is this?
daemon@ATHENA.MIT.EDU (Gary Howland)
Wed Apr 2 11:25:03 1997
To: perry@piermont.com
cc: cryptography@c2.net
In-reply-to: Your message of "Wed, 02 Apr 1997 09:47:32 CDT."
<199704021447.JAA13215@jekyll.piermont.com>
Date: Wed, 02 Apr 1997 17:34:26 +0200
From: Gary Howland <gary@systemics.com>
>
> Gary Howland writes:
> > > I don't understand why this is necessary. Given how slow TCP initial
> > > handshakes are, and how (relatively) infrequent, I would guess that
> > > this wouldn't improve performance in any noticeable way, and would
> > > lower security...
> >
> > Also bear in mind that SHA produces 20 bytes - good enough for 5 sequence
> > numbers.
> >
> > An alternative might be to use a fast cipher, such as blowfish or RC4.
>
> Actually, neither would work well. You really need a hash for this
> application, and you have to apply it once per connection. See Steve
> Bellovin's RFC on sequence number attacks (is it 1928? I forget) to
> learn why.
Ah, I see - you need F(localhost + localport + remotehost + remoteport),
where F is secret. Still, if a cipher such as blowfish is much faster
than a hash (which it may be, since it works with less data), then
it may still make sense to use that for F, perhaps having one for every
interface so that localhost does not need to be included in the
encrypted data.
But then we'd have an OS that couldn't be exported ...
Gary
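[Editor's added example, not part of the original thread or of any kernel the posters refer to.] The exchange above is about the scheme in Bellovin's RFC 1948: instead of one global 4-microsecond clock M shared by every connection, each connection gets ISN = M + F(localhost, localport, remotehost, remoteport, secret), so an attacker who opens his own connection to learn M cannot extrapolate the ISN of a spoofed connection. The Python below models both generators and the "probe once, then extrapolate the clock" guess, and also sketches Gary's per-interface variant (key F per local address so localhost need not be part of the input). Assumptions: F is HMAC-SHA256 truncated to 32 bits (RFC 1948 describes MD5 over the tuple and a secret; the hash choice and the byte packing of the tuple are mine), and all addresses, ports, timestamps and the secret are constructed values.

```python
import hashlib
import hmac
import ipaddress
import struct

SEQ_MOD = 1 << 32  # TCP sequence numbers are 32-bit


def conn_id(lhost, lport, rhost, rport):
    """Pack the connection four-tuple (packing order/format is an assumption)."""
    return (ipaddress.ip_address(lhost).packed + struct.pack("!H", lport)
            + ipaddress.ip_address(rhost).packed + struct.pack("!H", rport))


def clock_m(t_us):
    """M: the RFC 793-style timer, one tick every 4 microseconds, mod 2^32."""
    return (t_us // 4) % SEQ_MOD


def legacy_isn(t_us):
    """Pre-RFC-1948 behaviour: every connection draws from the same clock."""
    return clock_m(t_us)


class Rfc1948Isn:
    """ISN = M + F(4-tuple, secret), with F modelled as truncated HMAC-SHA256."""

    def __init__(self, secret):
        self.secret = secret

    def offset(self, lhost, lport, rhost, rport):
        digest = hmac.new(self.secret, conn_id(lhost, lport, rhost, rport),
                          hashlib.sha256).digest()
        return struct.unpack("!I", digest[:4])[0]

    def isn(self, lhost, lport, rhost, rport, t_us):
        return (clock_m(t_us) + self.offset(lhost, lport, rhost, rport)) % SEQ_MOD


def per_interface_offset(secret, lhost, lport, rhost, rport):
    """Gary's variant: derive a key per local interface, then hash only the rest.
    Derivation via HMAC is an assumption, not something the thread specifies."""
    iface_key = hmac.new(secret, ipaddress.ip_address(lhost).packed,
                         hashlib.sha256).digest()
    msg = struct.pack("!H", lport) + ipaddress.ip_address(rhost).packed \
        + struct.pack("!H", rport)
    digest = hmac.new(iface_key, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def naive_guess(observed_isn, elapsed_us):
    """The sequence-number attack: observe one ISN, extrapolate the clock."""
    return (observed_isn + elapsed_us // 4) % SEQ_MOD


def demo():
    """Return (legacy_hit, miss, victim_offset, attacker_offset) for constructed data."""
    secret = b"constructed example secret; a real kernel would rotate this"
    gen = Rfc1948Isn(secret)
    t0 = 1_000_000  # constructed timestamp, microseconds
    dt = 4_000      # attacker's SYN to spoofed SYN: 1000 clock ticks later
    attacker = ("10.0.0.99", 40000, "10.0.0.1", 25)  # attacker's own probe
    victim = ("10.0.0.7", 1023, "10.0.0.1", 513)      # spoofed connection to predict

    # Global clock: extrapolation lands exactly on the next ISN.
    legacy_hit = naive_guess(legacy_isn(t0), dt) == legacy_isn(t0 + dt)

    # RFC 1948: the same extrapolation misses by offset(victim) - offset(attacker),
    # which is unknowable without the secret.
    guess = naive_guess(gen.isn(*attacker, t0), dt)
    actual = gen.isn(*victim, t0 + dt)
    miss = (actual - guess) % SEQ_MOD
    return legacy_hit, miss, gen.offset(*victim), gen.offset(*attacker)


if __name__ == "__main__":
    hit, miss, off_v, off_a = demo()
    print("legacy clock predicted:", hit)
    print("RFC 1948 guess off by:", miss, "(= offset difference %d)" % ((off_v - off_a) % SEQ_MOD))
```

Note what the model also shows about the cipher question in the thread: nothing in `Rfc1948Isn` depends on F being a hash rather than a keyed block cipher over the packed tuple; the property that matters is that F is a secret-keyed function of the whole four-tuple, evaluated once per connection, and that ISNs for one tuple still advance with M so a reused tuple does not collide with its own old segments.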