On Fri, 24 Mar 2017, Paul Wouters wrote:
On Fri, 24 Mar 2017, Daniel Migault wrote:
I have a question regarding devices that are not able to randomly generate
SPI, but instead
store fix values. The question is how much fix values could be
provisioned.
This is pretty dangerous. Half a year ago or so we saw the Transcript
Collsion Attacks that could have succeeded if we hadn't used random
SPI numbers to prevent pre-calculation in the attack. Using a set of 10
non-random SPI numbers would potentially make this device vulnerable to
this attack.
As Tero pointed out to me just now, those were IKE SPI's and not ESP
SPI's to I guess there is no security issue here :)
Paul
_______________________________________________
Lwip mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lwip
