[rc5] Suggestion for protocol

Remi Guyomarch rguyom at mail.dotcom.fr
Mon Jun 23 21:46:16 EDT 1997


Honza Pazdziora wrote:

[...]
> > The second attack is harder to spot. 'Surprise' solutions are a good way of
> 
> This kind of attacks I try to fight -- these were the problems at
> SolNet. But how do you put surprise solution into the block? Remember,
> because you do not want to have high network traffic, you send to the
> clients the start of the block and the size of the block (mask). How
> do you put the solution in?

The v1 RC5 clients already get their plain-text, cypher-text, iv and
keyspace from the proxy each time. So it's very easy to send the RSA
test challenge data (for exemple) and the correct keyspace sometimes to
check the clients. The proxy could even generate random keys, plain-text
etc...

But the client could detect these checks, because the challenge data are
publicly available (somewhere on www.rsa.com). So it could really search
for a key when the proxy send it other data than the official RSA
challenge data, and just return 'not found' for the challenge data.

Thus the proxy should test the client's speed to see if there is any
difference. Sounds delicate to do automagically...

About the network traffic, plain-text + cypher-text + iv + keyspace = 16
bytes.

-- 
Rémi
----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list