Re: Request for Comments: Better installed-systems data would really help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Adding a 'hard symmetrical 3-DES' replay resistant MAC 
(message authentication code, here) of the response data 
$STRING with a well known seed $SEED, whacked with a 'included 
in the reply' plaintext, time of post $EPOCH_SECONDS_SINCE_GMT 
seems a good way to cut down on IoT devices

$STRING
$EPOCH_SECONDS_SINCE_GMT
$3DES ( $SEED . $STRING . $EPOCH_SECONDS_SINCE_GMT )

We know $SEED, and can derive local $EPOCH_SECONDS_SINCE_GMT 
of course

On the receiver on post-process side, one could do a quick 
drop on posts more than 15 min off:
        $EPOCH_SECONDS_SINCE_GMT
and if one seems to being over-run with forgeries, actually 
verify the $3DES decodes correctly for selected IPs

-- Russ herrold
_______________________________________________
council-discuss mailing list -- council-discuss@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to council-discuss-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Outreach]     [Fedora Desktop]     [Fedora KDE]     [KDE Users]     [Fedora SELinux]     [Yosemite Forum]     [Linux Audio Users]

  Powered by Linux