On Wed, 19 Dec 2001, Gisle Sælensminde wrote:
>
> Yes, this is a problem with loopback crypto. The problem is that the
> loopback interface assumes that it's length preserving, and that makes
> insertion of a MAC difficult.

The problem can partially be solved in a length preserving way. Before
the data is encrypted a so called 'all or nothing transform' is applied
to the data. That is a length preserving function f(x) -> y such that
modification to any block in y to y', will make f-1(y') be different
from x in all blocks. Ronald Rivest has made a paper on this.

Ronald Rivest himself proposes one such mode based on a block cipher.
Another possible transform is to use DFFT (discrete fast Fourier
transform) as f, and IDFFT (the inverse) as f-1.

If E(k,v,P) encrypts a block with IV v, and D(k,v,C) decrypts it,
encryption is changed to C = E(k,v,f(P)), and decryption to
P = f-1(D(k,v,C)).

This transform will make it hard to insert chosen ciphertexts, like
Jerome Etienne's paper describes. It will not solve all problems. That
is theoretically impossible without adding redundancy.

--
Gisle Sælensminde ( gisle@xxxxxxxxx )

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead. (from RFC 1925)
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
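
The C = E(k,v,f(P)) / P = f-1(D(k,v,C)) scheme from the message above, as an added example that is not part of the original post. It assumes a hash-based length-preserving f built here for illustration (neither Rivest's construction nor the DFFT suggestion), and `toy_cipher` is a hypothetical XOR-keystream stand-in for E and D, not the loopback driver's cipher.

```python
import hashlib

BLOCK = 32  # bytes per block = SHA-256 digest size (assumption of this sketch)

def _h(tag: bytes, data: bytes) -> bytes:
    return hashlib.sha256(tag + data).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _split(buf: bytes) -> list:
    if len(buf) % BLOCK or len(buf) < 2 * BLOCK:
        raise ValueError("need at least two whole blocks")
    return [buf[i:i + BLOCK] for i in range(0, len(buf), BLOCK)]

def _mask(rest: list, last: bytes) -> list:
    # XOR every non-final block with a per-index hash of the final block.
    return [_xor(b, _h(b"mask" + i.to_bytes(4, "big"), last)) for i, b in enumerate(rest)]

def aont_forward(x: bytes) -> bytes:
    """f: mask all blocks with the last one, then fold the masked blocks into it."""
    *rest, last = _split(x)
    rest = _mask(rest, last)
    return b"".join(rest) + _xor(last, _h(b"fold", b"".join(rest)))

def aont_inverse(y: bytes) -> bytes:
    """f-1: recover the last block first; every other block depends on it."""
    *rest, last = _split(y)
    last = _xor(last, _h(b"fold", b"".join(rest)))
    return b"".join(_mask(rest, last)) + last

def toy_cipher(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for E and D (its own inverse). Malleable on purpose; not for real use."""
    ks = b"".join(_h(key + iv, n.to_bytes(4, "big")) for n in range(len(data) // BLOCK))
    return _xor(data, ks)

def changed_blocks(a: bytes, b: bytes) -> int:
    return sum(p != q for p, q in zip(_split(a), _split(b)))

def tamper_demo(use_aont: bool) -> int:
    """Flip one ciphertext bit; return how many plaintext blocks differ after decryption."""
    key, iv = b"k" * 16, b"v" * 16        # constructed sample key and IV
    plain = bytes(range(256)) * 2         # constructed 512-byte "sector" (16 blocks)
    c = bytearray(toy_cipher(key, iv, aont_forward(plain) if use_aont else plain))
    c[5 * BLOCK] ^= 0x01                  # modify ciphertext block 5 only
    out = toy_cipher(key, iv, bytes(c))
    return changed_blocks(plain, aont_inverse(out) if use_aont else out)
```

Without f the edit stays confined to the one block that was touched; with f every block of the recovered sector changes, but nothing signals that tampering happened, which is the "not without adding redundancy" limit stated in the message.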