On Thu, Sep 25, 2003 at 12:08:57PM +0200, Michal Zalewski wrote:
> > Especially as some of the flaws (the replay attacks) are actually
> > documented in the manual.
>
> And correct me if I am wrong, but it appears to me that replay attacks are
> not that much of a concern when encrypting TCP/IP packets?

If the integrity protection is strong *and* the involved TCPs generate
reasonably random sequence numbers, replay attacks on TCP streams are
impractical. For connectionless protocols (IP itself, some IP based),
some protection against replay attacks would be nice, but is often not
easy to achieve without knowing application protocol or sacrificing
performance.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
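
Added example, not part of the original message or of any software discussed in the thread: one common way a receiver rejects replayed datagrams without knowing the application protocol is an authenticated sequence number checked against a sliding window. The names ReplayWindow, seal and WINDOW, the 8-byte sequence field and the HMAC-SHA256 tag are assumptions made for this sketch; the per-packet MAC and window state are the performance cost the reply refers to.

```python
import hashlib
import hmac
import struct

WINDOW = 64   # assumed window size: how far behind the newest packet we track
TAG_LEN = 32  # HMAC-SHA256 output length

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prepend a 64-bit sequence number, append a MAC over both."""
    body = struct.pack("!Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class ReplayWindow:
    """Receiver side: accept each authenticated sequence number at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set means (top - i) was already accepted

    def accept(self, datagram: bytes) -> bool:
        if len(datagram) < 8 + TAG_LEN:
            return False
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Integrity first: an attacker must not be able to pick the sequence
        # number, otherwise the window itself can be pushed forward by forgery.
        if not hmac.compare_digest(tag, expected):
            return False
        (seq,) = struct.unpack("!Q", body[:8])
        if seq > self.top:
            shift = seq - self.top
            if shift >= WINDOW:
                self.bitmap = 1   # everything previously tracked fell out
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= WINDOW:
            return False          # too old to tell fresh from replayed
        if (self.bitmap >> offset) & 1:
            return False          # already seen: replay
        self.bitmap |= 1 << offset
        return True               # late but fresh (reordered datagram)
```

Late datagrams inside the window are still accepted once, which matters for connectionless traffic where reordering is normal; anything older than the window is dropped because it can no longer be distinguished from a replay.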
