Hi Graham,
I'm not Yoav, but I'll try to clarify.
Hi Yoav
As I understand this, changing the concept from 'difficulty level' to
'puzzle/generation id' doesn't allow for a responder to hand out some
puzzles weaker than others at the same time? (Unless it's tracked locally
as you said), but then the Responder would need to remember all previous
Yes, in Yoav's approach the responder should remember
last N pairs "generation_id : difficulty: secret".
Puzzles up to the last point where a certain GenerationID was used if it's
to issue Puzzles of different difficulty at the same time. (Otherwise I
see an attack where someone can potentially just make all new connections
have the most difficult puzzles, there might be a need for some random
un-fairness with 1 in X having hard puzzles?).
Also if the 'difficulty level' is no longer used, how does the client know
what difficulty this is ? Generation 9 could be 23-bit one day and 0 the
next.
In any case (with mine or Yoav's approach) the difficulty level must be
indicated to initiator explicitely, in a separate field (it presumably
must be in (to be defined) PUZZLE Notification). Difficulty level
in cookie (as I suggested) is for responder's use only.
For initiator the cookie is an opaque blob in any case,
but responder must be able to determine which difficulty
level was requested with any particular cookie. In my approach
the level is encoded in the cookie itself, in Yoav's approach it is
locally accociated with "generation_id", which is encoded
in the cookie.
Both approaches are workable. There are some advantages
and drawbacks in each, but they are insignificant, IMHO.
Regards,
Valery.
If both are included this allows for the Responder to change secret and
also allow for multiple difficulty types.
Cookie = <VersionIDofSecret> | <Timestamp> | <GenerationID> |
<PuzzleDifficulty> | <PRF> |
Hash(Ni | IPi | SPIi | <Timestamp> | <GenerationID> |
<PuzzleDifficulty> | <PRF> |
<secret>)
thanks
On 03/12/2014 23:46, "Yoav Nir" <[email protected]> wrote:
Why? The responder can remember that generation 8 had a 20-bit
difficulty level. If the attack then gets worse, than generation 9 is
created with a 23-bit difficulty level.
The responder needs only remember the generation and associated
difficulty level.
On Dec 4, 2014, at 1:07 AM, Graham Bartlett (grbartle)
<[email protected]> wrote:
If the 1 byte 'difficulty level' has become the 'puzzle id', could we
break the 1 byte into two 4 bits?
1st 4 bits is 'puzzle/generation id', next 4bits is 'difficulty level',
this allows for 16 cycles for when every secret changes and still allows
16 levels of puzzles..
(just a thought as if the difficulty level disappears you loose the
ability to set a the hardness of the puzzle)
On 03/12/2014 16:01, "Yoav Nir" <[email protected]> wrote:
On Dec 3, 2014, at 5:44 PM, Valery Smyslov <[email protected]> wrote:
Hi Scott,
this is almost identical to what I proposed in my original e-mail,
if you substitute "difficulty level" with "puzzle id©ч.
Or call it ©шgeneration id©ч, and increment it whenever you generate a
new
secret and/or change the difficulty level.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
