On Mar 27, 2013, at 3:13 PM, Ben Laurie <[email protected]> wrote:
> On 27 March 2013 17:20, Steven Bellovin <[email protected]> wrote:
>> On Mar 27, 2013, at 3:50 AM, Jeffrey Walton <[email protected]> wrote:
>>
>>> What is the reason for checksumming symmetric keys in ciphers like BATON?
>>>
>>> Are symmetric keys distributed with the checksum acting as a
>>> authentication tag? Are symmetric keys pre-tested for resilience
>>> against, for example, chosen ciphertext and related key attacks?
>>>
>> The parity bits in DES were explicitly intended to guard against
>> ordinary transmission and memory errors. Note, though, that this
>> was in 1976, when such precautions were common. DES was intended
>> to be implemented in dedicated hardware, so a communications path
>> was needed, and hence error-checking was a really good idea.
>
> And in those days they hadn't quite wrapped their heads around the
> concept of layering?
That's partly though not completely true.
>
> That said, I used to work for a guy with a long history in comms. His
> take was that the designers of each layer didn't trust the designers
> of the layer below, so they added in their own error correction.
>
It's more that errors can occur at any layer -- even today, we have
link layer checksums, TCP checksums, and sometimes more. This is the
e2e error check, shortly before Saltzer and Clark wrote their paper...
And yes, hardware was a *lot* less reliable then.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
