>If you look at any given packet's payload and you have
>the proper keys, can you decipher the payload of this
>specific packet...or do you need some other portion of the
>encrypted stream? That is, can I decrypt on the fly on a
>packet-by-packet basis or do I need to keep track of the
>session and accumulate some portion (or all) of the
>application data before decrypting?
Depends on the encryption alg and protocol. Most network
encryption methods are going to work on blocks of data, i.e.
a certain number of bytes.
So, typically, you'll be able to decrypt some portion of a packet
(assuming the packet is, say, twice as large as the block size)
but not necessarily the entire packet unless the block happens
to align itself evenly with the start of the packet, and the packet
size is a multiple of the block size.
Ryan
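
An added example, not part of the original thread, of the alignment point made in the reply: given one captured packet and its offset in the ciphertext stream, it decrypts only the blocks that packet can yield on its own. It goes beyond the reply by assuming CBC chaining (each block also needs the preceding ciphertext block); the 4-round Feistel cipher is a toy stand-in for a real block cipher, and the key, IV, block size and offsets are constructed.

```python
import hashlib

BLOCK = 16  # cipher block size in bytes (assumed)

def _f(key, i, half):  # round function of the toy Feistel cipher
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, blk):  # toy stand-in for a real block cipher
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def toy_decrypt_block(key, blk):
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):  # len(pt) must be a multiple of BLOCK
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = toy_encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def decrypt_packet(key, payload, offset):
    """Decrypt what a single packet allows. offset is the position of
    payload[0] in the ciphertext stream. Returns (stream offset of the
    first recovered plaintext byte, recovered plaintext)."""
    skip = -offset % BLOCK  # bytes before the first block boundary
    blocks = [payload[i:i + BLOCK]  # only blocks fully inside the packet
              for i in range(skip, len(payload) - BLOCK + 1, BLOCK)]
    # CBC: the first whole block serves only as chaining input for the next
    pt = b"".join(_xor(toy_decrypt_block(key, c), p)
                  for p, c in zip(blocks, blocks[1:]))
    return offset + skip + BLOCK, pt

# Constructed sample data: a 96-byte stream split across two packets
KEY, IV = b"k" * 16, b"\x00" * 16
PT = bytes(range(96))
CT = cbc_encrypt(KEY, IV, PT)

if __name__ == "__main__":
    for lo, hi in [(0, 40), (40, 96)]:
        start, pt = decrypt_packet(KEY, CT[lo:hi], lo)
        print(f"packet {lo}-{hi}: recovered stream bytes {start}-{start + len(pt)}")
```

The second packet starts 8 bytes into a block, so those 8 bytes and the following block are unreadable without state carried over from the first packet.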