5/8 I'm thinking about using a block cipher to encrypt pkts
in my application, but I'm running into problems wrt
transmitting/receiving the encrypted pkts. Here is
what I want to do (given values are secret key K, plain
text PT):
1. Derive K1 (encryption key) from K and a random nonce
N1 and derive K2 (HMAC key) from K and a random nonce N2
2. Encrypt PT and H(PT) using K1: e = E(H(PT)|PT,K1)
3. Calc. HMAC of the e: h = HMAC(e,K2)
4. Transmit N1|N2|e|h (this would be a fixed size pkt)
5. Recv. N1,N2,e,h
6. Derive K1 and K2 from K using recv'd N1 and N2
7. If HMAC(e) = h, then decrypt e: D(e,K2) = H(PT)|PT
8. If the decrypted H(PT) matches a computed H(PT)
return PT.
What I don't know how to do is recover from the following
situations:
* HMAC(e) of the recv'ed e != h
* Decrypted H(PT) != computed H(PT)
Since it is unlikely that the pkt was corrupted by trans.
errors (I'm using TCP), the only way that this could happen
is because of an active attacker. Is there any point in
asking for a retransmit on the recv side if an active
attacker is present?
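The N1|N2|e|h packet format from the question, as an added example in Go that is not part of the original post. Assumptions: the KDF is HMAC-SHA256(K, label|nonce), the block cipher is AES-256 in CTR mode, the nonces are 16 bytes each, and both failure cases (h mismatch, inner H(PT) mismatch) drop the packet rather than request a retransmit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// hmacSHA256(key, a, b) = HMAC-SHA256(key, a|b): used both as the assumed KDF and as the packet MAC.
func hmacSHA256(key, a, b []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(a)
	m.Write(b)
	return m.Sum(nil)
}
// ctr is AES-256-CTR with a zero IV, safe only because K1 is fresh for every packet (random N1).
func ctr(key, in []byte) []byte {
	blk, _ := aes.NewCipher(key) // key is always a 32-byte SHA-256 output, so NewCipher cannot fail
	out := make([]byte, len(in))
	cipher.NewCTR(blk, make([]byte, aes.BlockSize)).XORKeyStream(out, in)
	return out
}
// Seal builds N1|N2|e|h: K1 = HMAC(K,"enc"|N1), K2 = HMAC(K,"mac"|N2), e = E(H(PT)|PT,K1), h = HMAC(e,K2).
func Seal(k, pt []byte) ([]byte, error) {
	nonces := make([]byte, 32) // N1 = nonces[:16], N2 = nonces[16:]
	if _, err := rand.Read(nonces); err != nil {
		return nil, err
	}
	d := sha256.Sum256(pt)
	e := ctr(hmacSHA256(k, []byte("enc"), nonces[:16]), append(d[:], pt...))
	h := hmacSHA256(hmacSHA256(k, []byte("mac"), nonces[16:]), e, nil)
	return append(append(nonces, e...), h...), nil
}
// Open checks h in constant time before decrypting; every failure drops the packet, no retransmit.
func Open(k, pkt []byte) ([]byte, error) {
	if len(pkt) < 32+32+32 { // N1|N2, then at least H(PT), then h
		return nil, errors.New("short packet")
	}
	n1, n2, e, h := pkt[:16], pkt[16:32], pkt[32:len(pkt)-32], pkt[len(pkt)-32:]
	if !hmac.Equal(hmacSHA256(hmacSHA256(k, []byte("mac"), n2), e, nil), h) {
		return nil, errors.New("mac mismatch: drop packet")
	}
	p := ctr(hmacSHA256(k, []byte("enc"), n1), e)
	if d := sha256.Sum256(p[32:]); !hmac.Equal(d[:], p[:32]) {
		return nil, errors.New("inner hash mismatch: drop packet")
	}
	return p[32:], nil
}
```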
\_ post this to crypto@csua, you'll get better results than the
motd. Motd is full of dropouts and sysadmins.
\_ Hi paolo. You're delusional again. Go back to bed.
\_ who is this paolo?
\_ He was president for a long time, then he quit logging in.