[VOIPSEC] RTP packet signature
Robert Moskowitz
rgm at icsalabs.com
Mon Oct 17 09:03:48 CDT 2005
At 07:02 PM 10/12/2005, Hadriel Kaplan wrote:
>I am definitely not an encryption-layer guy (which is why I asked on this
>list).
I am. It is in my job discription. :)
>I was just curious given how much of the plaintext and keygen values
>can be known, whether known-plaintext attack was a reasonable attack vector.
>(e.g., given all the press over the XSL attack theory on AES) But one of
>the encryption guys at my company pointed me to some papers and discussions
>on it and I'm convinced it's still highly impractical.
And we are doing a counter mode operation, not a chaining block. In
many ways, counter mode has superior characteristics to a chaining
block, provided you NEVER reuse a counter value with a key. That is
why a keying mechanism is so important if you could possibly have
more than 2^64 128bit blocks.
With modes like CBC you have hamming distance attacks with known
plaintext at the beginning of the packet. This is why random IVs are
so important in CBC.
Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W: 248-968-9809
F: 248-968-2824
VoIP: 248-291-0713
E: rgm at icsalabs.com
There's no limit to what can be accomplished if it doesn't matter who
gets the credit
More information about the Voipsec
mailing list