[rc5] Suggestion for protocol

Honza Pazdziora adelton at informatics.muni.cz
Mon Jun 23 14:22:00 EDT 1997


> On 06/22/97 Honza Pazdziora <adelton at informatics.muni.cz> said:
> 
> >The block that the client gets from the keymaster would be divided into
> >1024 subblocks. Each would be encrpted and cumulative checksum would be
> >taken. The result would be 1024 bytes (or any other number), one byte per
> >one subblocks. The keymaster would have to choose number between 0 and
> >1023 randomly and compute the subblock and it's checksum. If it is OK, it
> >believes that also the rest of the block has actualy been processed and
> >accepts the block.
> 
> Totally infeasible. This would mean doubling the number of cycles per key

No!!!
You would increase the number of cycles per key by 0.1% The keymaster
would only work again on 1 of those 1024 subblocks.

> just for the sake of paranoia. And still it can be easily faked.

[...]

> The second attack is harder to spot. 'Surprise' solutions are a good way of

This kind of attacks I try to fight -- these were the problems at
SolNet. But how do you put surprise solution into the block? Remember,
because you do not want to have high network traffic, you send to the
clients the start of the block and the size of the block (mask). How
do you put the solution in?

> defense (because they will not bother actually checking them), but if
> someone decides to harm us really bad, it still won't help... There are two
> types of people that can attempt to hurt us. 1) Those who are not good at
> programing. Easy. 2) Profound types. They will simply decompile the code (I
> heard about such tools) or make their changes right in the assembly...
> there is NO way to stop them. Concealing the code is expected to prevent us
> from getting in trouble with the people who know C, but not assembly. Is
> this the most common type of a bad hacker?
> 
> Is the v2 protocol not vulnerable to reverse engineering?

What I tried to suggest was the we do not try to protect the protocol
but rather the results. Also, people could create working clients and
test and use them if the protocol would be open.

------------------------------------------------------------------------
 Honza Pazdziora | adelton at fi.muni.cz | http://www.fi.muni.cz/~adelton/
                   I can take or leave it if I please
		     Thanks for having done your DES.
------------------------------------------------------------------------
----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list