Kuehn, Ulrich wrote:
>> -----Original Message----- From: Ben Laurie
>> [mailto:[EMAIL PROTECTED] Sent: Samstag, 9. September 2006 22:39 
>> To: Adam Back Cc: Travis H.; Cryptography; Anton Stiglic Subject:
>> Re: IGE mode is broken (Re: IGE mode in OpenSSL)
> [...]
>> In any case, I am not actually interested IGE itself, rather in
>> biIGE (i.e. IGE applied twice, once in each direction), and I don't
>> care about authentication, I care about error propagation -
>> specifically, I want errors to propagate throughout the plaintext.
>> In fact, I suppose I do care about authentication, but in the 
>> negative sense - I want it to not be possible to authenticate the
>> message.
> Do I understand correctly? You do want that nobody is able to
> authenticate a message, however, it shall not be intelligible if
> manipulated with?

Correct. Minx (which is the only place I use IGE) avoids traffic marking
attacks in two ways:

a) all messages are "correct"

b) any attempt to mark a message results in its complete corruption

See the Minx paper, http://www.apache-ssl.org/minx.pdf.

> Or do you want that the authentication test fails if the message has
> been tampered with?




http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to