On Wed, May 09, 2007 at 06:11:03PM -0400, Leichter, Jerry wrote: > Just being able to generate traffic over the link isn't enough to > carry out this attack.
Well, it depends on if you key per-flow or just once for the link. If the latter, and you have the ability to create traffic over the link, and there's a 1-for-1 correspondence between plaintext and encrypted packets, then you have a problem. Scenarios include: Private wifi network, you are sending packets at a customer from unprivileged node on internet; you want known plaintext for the key used to secure the wifi traffic, or you want the contents of his connection. Target is VPN'ed into corporate headquarters, you are sending packets at them (or you send them email, they download it from their mail server) -- Kill dash nine, and its no more CPU time, kill dash nine, and that process is mine. -><- <URL:http://www.subspacefield.org/~travis/> For a good time on my UBE blacklist, email [EMAIL PROTECTED]
pgpEWNibI30LX.pgp
Description: PGP signature