Christian,
SEC does not increases costs equally for both attackers and defenders. An
increase of time T for the defender correspond to an increase of time T*2^59
for the attacker.
Right. I was speaking about the relative effort increase. For Sec = 0, I have
to do 1 unit of work, the
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IPv6 Maintenance Working Group of the IETF.
Title : Security Implications of Predictable Fragment
Identification Values
Author(s) : Fernando Gont
In your previous mail you wrote:
... nor will have an opportunity to work on the code that is needed
to try to break the RSA. I do not agree with what Christian posed
about being able to easily break it mathematically in a few seconds
and I will work on proving him wrong.
= not only I
agreed.
FWIW I suggested to Hosnieh earlier (in a private mail) to support
multiple alternative authentication mechanisms, and to make this
flexible for the future.
This draft is effectively discussing tuning an authentication protocol
to reduce the amount of work done by the defender (to make
In your previous mail you wrote:
What changes from RFC 3972 to your draft in this high-level analysis?
The difference between my draft and that of RFC 3972 is that I make use of
the public key in the IP address directly.
= this is IMHO a bad idea because it limits the search space in
Jari == Jari Arkko jari.ar...@piuha.net writes:
What is it that you don't understand. I will be happy to explain
it to you.
Jari Thanks. I read the details, but I'm missing the big
Jari picture. I.e., some effort is required from the owner to
Jari create an address. By
For the scheme in this draft,
the probability of a a second public key is: 1-(1-p)^(2^{1024-48}), where p
is the probability of a random number being a RSA public key.
I would not construct the attack by trying random numbers and checking them for
whether they are a public key. I would
Christian,
I would not construct the attack by trying random numbers and checking them
for whether they are a public key. I would start with a repository of prime
numbers, and then do something like:
I agree with this as well.
Jari
On 03/22/2013 02:47 PM, Christian Huitema wrote:
Pick two prime numbers from the catalog
Multiply the two numbers to get a candidate RSA key
Check whether the resulting pattern matches the 48 bits in the IID
I think you can be quicker than that. Generating primes is easy
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IPv6 Maintenance Working Group of the IETF.
Title : Security Implications of IPv6 Fragmentation with IPv6
Neighbor Discovery
Author(s) : Fernando
10 matches
Mail list logo