'Re: [Fwknop-discuss] fko_encryption_type'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fwknop-discuss
Subject:    Re: [Fwknop-discuss] fko_encryption_type
From:       Michael Rash <mbr () cipherdyne ! org>
Date:       2012-01-26 3:28:15
Message-ID: 20120126032815.GA32141 () cipherdyne ! org
[Download RAW message or body]

On Jan 25, 2012, ruh Ruhsam Bernhard wrote:

> /* Determine type of encryption used.  For know, we are using the
> * size of the message.  
> *
> * XXX: We will want to come up with a more reliable method of
> *      identifying the encryption type.
> */ 
> 
> Hello,
> 
> this is really a problem. 
> Rijndael encrypted messages can also be longer than 400 Bytes (#define \
> MIN_GNUPG_MSG_SIZE 400).  
> E.g. on my test machine a message of 248 characters results in 588 bytes Rijndael \
> encrypted message. 
> How else could the encryption type be detected?

I'm in the process of changing how fwknop deals with encryption right now
(working in a branch so we can merge when/if it makes sense):

http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=4c3d2188a1b94c5d33ac34d348e8d48eac858f00


I can see the message size test as being a problem in some cases such as
in command mode with long command strings being included within an SPA
packet.  One alternative would just be to pretty much ignore packet size
and just try decrypting incoming packets according to the keys defined
in access.conf file.  If no Rijndael key is defined in any stanza and
only gpg is used, then decryption would only be attempted via gpg and
vice versa.

One thing that ties into this is that fwknop in Rijndael mode does not
include a MAC tied to a separate key - I'm thinking of adding this as
well (probably an HMAC-SHA256) as an option since then you start to get
into the realm of an IND-CCA scheme.

Thanks,

--Mike



> Please try to fix this.
> 
> Thank you,
> - Bernhard Ruhsam
> 
> 
> 
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> Fwknop-discuss mailing list
> Fwknop-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic