I am aware of the issues with both ECB (statistical inference, known plaintext
attacks, replay attacks etc. etc.) and CRC-32. However, considering the
application (i.e. to stop DECNET credentials going over the wide Internet
entirely in the clear and rudimentary identification of the end-points) I doubt
that there would be many attackers who would bother with the extra effort of
attacking this compared to the current completely unprotected setup.

But since this doesn't seem to interest that many people anyway I think I'll
give it a miss.
Sampsa
On 25 Aug 2008, at 15:44, Paul Koning wrote:
Sampsa> My proposal is that each end point of a bridge connection
Sampsa> share a secret and use some form of symmetric encryption (say
Sampsa> AES in ECB mode) whilst communicating....
Sampsa> A CRC-32 (of the unencrypted frame) would be used to
Sampsa> determine the validity of the data.
Um, no.
I rather doubt this sort of thing is worth doing, but if you think
it's useful, you should use a design that has the right security
properties.
Doing crypto right is hard -- much harder than you might think. ECB
is never right; neither is CRC for integrity (in a crypto setting).
On the other hand, the right way already exists. Just turn on IPsec.
If you want to invent your own, you should study IPsec to see how it
is constructed, and understand why it is constructed that way.
Studying the prior art is a good idea. It helps to avoid building
stuff that doesn't work. And unfortunately there's plenty of that.
WEP is a classic example of a "security" system designed by people who
didn't know what they were doing, and didn't know that they didn't know.
paul
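The three points Paul makes (ECB is never right, a CRC is not integrity in a
crypto setting, and the prior art is encrypt-then-MAC as in IPsec ESP) can be
shown in a few dozen lines. What follows is an added example written for this
thread, not code from Sampsa, Paul or any HECnet bridge. It uses only the
Python standard library, so a small HMAC-SHA256 Feistel network stands in for
AES (an assumption; the ECB leak shown holds for any block cipher), and all
keys, frames and the "attacker" bit flips are constructed. Part 1 shows that
ECB reveals which plaintext blocks are equal (and lets them be replayed or
swapped) without the key. Part 2 shows why a CRC-32 fails as a MAC: it is
affine over GF(2), so wherever an attacker's ciphertext bit flips land in the
plaintext (a stream cipher as in WEP, or a counter mode) the encrypted CRC can
be patched to match without knowing the key or the data. Part 3 does the same
bit flip against a frame protected by a keyed HMAC over the ciphertext, the
shape IPsec ESP uses, and the forgery is rejected.

```python
"""Added example (not code from either poster): what "AES in ECB mode plus a
CRC-32 of the plaintext" leaks, why a CRC is not a MAC, and the encrypt-then-MAC
shape IPsec ESP uses instead.  Standard library only: an HMAC-SHA256 Feistel
network stands in for AES (an assumption).  Keys and frames are constructed."""
import hashlib
import hmac
import zlib

BLOCK = 16                              # 128-bit blocks, as with AES
KEY = b"bridge-shared-secret"           # constructed shared secret
KEY_MAC = b"bridge-mac-secret"          # constructed, separate key for the MAC
PAYLOAD = b"user=sampsa;admin=0"        # constructed frame payload
# Bit flips the attacker wants: trailing '0' -> '1', every other byte untouched.
DELTA = bytes(len(PAYLOAD) - 1) + bytes([ord("0") ^ ord("1")])
HDR = b"NODE=HECNET-A/1 "               # constructed 16-byte field that repeats
FRAME = HDR + b"payload block 1 " + HDR + b"payload block 2 "


def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# 1. ECB: equal plaintext blocks give equal ciphertext blocks.
def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Four-round balanced Feistel network: a keyed permutation of 16-byte blocks."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, _prf(key, bytes([i]), right)[:8])
    return left + right


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block encrypted independently with the same key and no IV."""
    assert len(data) % BLOCK == 0, "ECB needs whole blocks; no padding here"
    return b"".join(block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def repeated_blocks(ciphertext: bytes) -> list:
    """Index pairs of identical ciphertext blocks: without the key an eavesdropper
    learns which plaintext blocks are equal, and can replay or swap them."""
    b = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return [(i, j) for i in range(len(b)) for j in range(i + 1, len(b)) if b[i] == b[j]]


# 2. CRC-32 is affine over GF(2): an attacker who can flip plaintext bits
#    (stream cipher as in WEP, or a counter mode) can patch the CRC to match.
def crc_patch(delta: bytes) -> int:
    """Mask to XOR into a CRC-32 when the covered bytes are XORed with delta; needs
    no knowledge of the original bytes: crc32(m ^ delta) == crc32(m) ^ crc_patch(delta)."""
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))


def keystream(key: bytes, n: int) -> bytes:
    """Counter-mode keystream from the PRF (what RC4 in WEP or AES-CTR supplies)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += _prf(key, b"ks", ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]


def seal_crc(key: bytes, payload: bytes) -> bytes:
    """CRC-as-integrity on a stream cipher: encrypt(payload || CRC-32(payload))."""
    body = payload + zlib.crc32(payload).to_bytes(4, "big")
    return xor(body, keystream(key, len(body)))


def open_crc(key: bytes, frame: bytes):
    """Returns (crc_ok, payload)."""
    body = xor(frame, keystream(key, len(frame)))
    payload, tag = body[:-4], int.from_bytes(body[-4:], "big")
    return zlib.crc32(payload) == tag, payload


def forge_crc(frame: bytes, delta: bytes) -> bytes:
    """Flip payload bits and patch the encrypted CRC, knowing neither key nor payload."""
    return xor(frame, delta + crc_patch(delta).to_bytes(4, "big"))


# 3. Encrypt-then-MAC with a keyed HMAC over the ciphertext, as IPsec ESP does.
def seal_mac(key: bytes, key_mac: bytes, payload: bytes) -> bytes:
    ct = xor(payload, keystream(key, len(payload)))
    return ct + _prf(key_mac, b"tag", ct)


def open_mac(key: bytes, key_mac: bytes, frame: bytes):
    """Returns (tag_ok, payload); the payload is not released when the tag fails."""
    ct, tag = frame[:-32], frame[-32:]
    if not hmac.compare_digest(_prf(key_mac, b"tag", ct), tag):
        return False, b""
    return True, xor(ct, keystream(key, len(ct)))


def forge_mac(frame: bytes, delta: bytes) -> bytes:
    """The same bit flip against the HMAC frame; the tag cannot be patched."""
    return xor(frame[:-32], delta) + frame[-32:]


if __name__ == "__main__":
    print("ECB equal blocks:", repeated_blocks(ecb_encrypt(KEY, FRAME)))
    print("CRC frame forged:", open_crc(KEY, forge_crc(seal_crc(KEY, PAYLOAD), DELTA)))
    print("HMAC frame forged:", open_mac(KEY, KEY_MAC,
                                         forge_mac(seal_mac(KEY, KEY_MAC, PAYLOAD), DELTA)))
```

Running it reports that ciphertext blocks 0 and 2 of FRAME are identical (the
repeated node-name field shows through ECB), that the CRC-protected frame
decrypts to "user=sampsa;admin=1" with a valid CRC after the forgery, and that
the HMAC-protected frame is rejected. Note the design choices that match the
prior art Paul points at: the tag is computed over the ciphertext with a key
separate from the encryption key, the tag is compared in constant time, and
nothing is decrypted until the tag checks out. Real IPsec ESP additionally
carries a sequence number under the tag to stop replay, which neither the
CRC design nor this minimal HMAC frame addresses.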