Re: [Full-Disclosure] My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list
- To: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list
- From: Florian Weimer <fw@xxxxxxxxxxxxx>
- Date: Thu, 25 Sep 2003 12:22:41 +0200
On Thu, Sep 25, 2003 at 12:08:57PM +0200, Michal Zalewski wrote:
> > Especially as some of the flaws (the replay attacks) are actually
> > documented in the manual.
>
> And correct me if I am wrong, but it appears to me that replay attacks are
> not that much of a concern when encrypting TCP/IP packets?

If the integrity protection is strong *and* the involved TCPs generate
reasonably random sequence numbers, replay attacks on TCP streams are
impractical.

For connectionless protocols (IP itself, some IP-based), some protection
against replay attacks would be nice, but is often not easy to achieve
without knowing the application protocol or sacrificing performance.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
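
One common way to give a connectionless tunnel replay protection without knowing the application protocol is a per-peer sequence number covered by the integrity check, combined with a sliding receive window, as IPsec ESP does. The following C code is an added example, not part of the original message and not CIPE code; the struct and function names and the 64-packet window size are assumptions.

```c
#include <stdint.h>
#include <stdbool.h>

#define REPLAY_WINDOW 64u  /* assumed window size, in packets */

/* Per-peer receiver state (hypothetical names, not from CIPE). */
struct replay_state {
    uint64_t highest;  /* highest sequence number accepted so far */
    uint64_t bitmap;   /* bit i set => (highest - i) already seen */
};

/*
 * Call only after the packet's integrity check (MAC) has passed, with the
 * sequence number covered by that check. Returns true if the packet is
 * fresh and records it; returns false for a replay or for a packet too
 * old to be tracked. Sequence numbers start at 1; 0 is never valid.
 */
bool replay_check_and_update(struct replay_state *st, uint64_t seq)
{
    if (seq == 0)
        return false;

    if (seq > st->highest) {
        uint64_t shift = seq - st->highest;
        /* Slide the window forward; a shift >= 64 clears all history. */
        st->bitmap = (shift >= REPLAY_WINDOW) ? 0 : st->bitmap << shift;
        st->bitmap |= 1u;          /* bit 0 marks seq itself */
        st->highest = seq;
        return true;
    }

    uint64_t offset = st->highest - seq;
    if (offset >= REPLAY_WINDOW)
        return false;              /* older than the window: reject */

    uint64_t mask = (uint64_t)1 << offset;
    if (st->bitmap & mask)
        return false;              /* already seen: replay */

    st->bitmap |= mask;            /* reordered but new: accept, record */
    return true;
}
```

The cost is per-peer state and one extra check per packet, and datagrams reordered by more than the window are dropped along with genuine replays.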