[7006] in bugtraq
Re: CISCO PIX Vulnerability
daemon@ATHENA.MIT.EDU (Jamie Thain)
Mon Jun 22 11:14:08 1998
Date: Sat, 20 Jun 1998 10:24:54 -0300
Reply-To: jthain@sbi.bm
From: Jamie Thain <jthain@SBI.BM>
X-To: David Wagner <daw@CS.BERKELEY.EDU>
To: BUGTRAQ@NETSPACE.ORG
David,
David
> The simplest attack (``the Exabyte attack'') is to encrypt some
> common plaintext block (e.g. "\nlogin: ") under all 2^48 possible
> keys, and store the 2^48 ciphertext results on a big Exabyte tape;
> then each subsequent link-encryption key can be broken with O(1)
> effort. Thanks to the ECB mode, such a common plaintext block
> should be easy to find. (With a real chaining mode, these attacks
> are not possible under a ciphertext-only assumption, because the
> chaining vector serves as a kind of salt.)
Even if the ciper were a one byte char, the resulting data set size
would be 281,474 GB big, I have not heard of a 281TB tape drive yet.
> A much more practical approach would use Hellman's time-space
> tradeoff. There, you'd need only about 2^32 space (e.g. $100 at
> Fry's for a cheap hard disk), plus you'd need to do a 2^48 precomputation.
> After the precomputation, each subsequent link-encryption key
> can be broken with about 2^32 trial encryptions.
This is 4GB which is doable, but the resultant set of cipertexts would
still be ~24GB big, which makes you want to have a really good reason.
Although with some dedicated Hardware 281 Trillion combinations could be
tried in a few minutes, and it would be broken.
regards:jamie
