[1095] in Kerberos_V5_Development

Re: Common random routines: for review

daemon@ATHENA.MIT.EDU (Richard Basch)
Fri May 3 00:26:24 1996

Date: Fri, 3 May 1996 00:25:10 -0400
To: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
Cc: krbdev@MIT.EDU
In-Reply-To: <199605030352.DAA00776@orchard.medford.ma.us>
From: "Richard Basch" <basch@lehman.com>

I actually thought of the fact that the last two des blocks are
plaintext zeros, as you said, giving an attacker more plaintext-cipher
pairs.  However, as I recall, the theoretical attacks on 1-des require
2^40 such pairs, and 3-des requires about 2^105 of such sequences.

Theoretically if a service is up long enough to produce enough keys, the
random number generator should probably be re-initialized periodically
(hopefully with a true source of randomness).  Also, even if the random
sequence encryption key is broken, the seed key is not exposed.

I could do the same thing I did with the string2key function, which is
to do wrap-around cbc chaining, using the last cblock as the ivec for
another cbc-encryption of the entire message...  This change would
increase the lifetime of a given random sequence by a little.

Comments?  
-- 
Richard Basch                   
Sr. Developer/Analyst           URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc.           Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor      Fax:   +1-201-524-5828
Jersey City, NJ 07302-3988      Voice: +1-201-524-5049
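
The wrap-around CBC chaining described in the message above, as an added example that is not part of the original post or the Kerberos code. It assumes "another cbc-encryption of the entire message" means re-encrypting the same data with the first pass's last cipher block as ivec, and it uses a hash-based Feistel permutation as a stand-in for DES; all function names and inputs are hypothetical.

```python
import hashlib

BLOCK = 8  # DES block size in bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for DES (assumption): 4-round Feistel permutation, not secure."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right


def cbc_encrypt(key: bytes, ivec: bytes, data: bytes) -> bytes:
    """Plain CBC over whole blocks; each input is XORed with the previous cipher block."""
    if len(data) % BLOCK:
        raise ValueError("data must be a multiple of the block size")
    out, prev = [], ivec
    for off in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, xor(data[off:off + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def wraparound_cbc(key: bytes, ivec: bytes, data: bytes) -> bytes:
    """Second CBC pass over the same data, using the first pass's last cblock as ivec."""
    first = cbc_encrypt(key, ivec, data)
    return cbc_encrypt(key, first[-BLOCK:], data)


def differing_blocks(a: bytes, b: bytes) -> list:
    """Indexes of the 8-byte blocks in which two equal-length outputs differ."""
    return [i // BLOCK for i in range(0, len(a), BLOCK) if a[i:i + BLOCK] != b[i:i + BLOCK]]


# Constructed inputs: two 4-block messages that differ only in the final block.
KEY, IVEC = b"constructed-key", bytes(BLOCK)
MSG_A = b"block-00block-01block-02block-0A"
MSG_B = b"block-00block-01block-02block-0B"

if __name__ == "__main__":
    # Single pass: only the last block reflects the change.
    print(differing_blocks(cbc_encrypt(KEY, IVEC, MSG_A), cbc_encrypt(KEY, IVEC, MSG_B)))
    # Wrap-around: the change reaches the leading blocks as well.
    print(differing_blocks(wraparound_cbc(KEY, IVEC, MSG_A), wraparound_cbc(KEY, IVEC, MSG_B)))
```

With a single pass, a change in the final block never reaches earlier output blocks; with the wrap-around pass every output block depends on every input block.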
