Re: [PATCH 3/5] xfrm: Traffic Flow Confidentiality for IPv4 ESP
Hi Herbert,

> I know why you want to do this, what I'm asking is do you have any
> research behind this with regards to security

> Has this scheme been discussed on a public forum somewhere?

No, sorry, I haven't found much valuable discussion about TFC padding. Nothing at all how to overcome the ESPv2 padding limit.

> using an insecure RNG to generate a value that is then used as the
> basis for concealment

Using get_random_bytes() adds another ~10% processing overhead due to the underlying sha_transform. But this is probably negligible, we add much more with the additional padding to encrypt/MAC.

I'll re-spin the patchset with get_random_bytes(). Even if the ESPv2 padding fallback makes TFC in this case less efficient, it shouldn't harm. Or do you see this differently?

Regards
Martin

--
To unsubscribe from this list: send the line unsubscribe linux-crypto in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH 3/5] xfrm: Traffic Flow Confidentiality for IPv4 ESP
On Mon, Dec 06, 2010 at 04:10:25PM +0100, Martin Willi wrote:

> > Has this scheme been discussed on a public forum somewhere?
>
> No, sorry, I haven't found much valuable discussion about TFC padding.
> Nothing at all how to overcome the ESPv2 padding limit.

OK.

> I'll re-spin the patchset with get_random_bytes(). Even if the ESPv2
> padding fallback makes TFC in this case less efficient, it shouldn't
> harm. Or do you see this differently?

Indeed I don't think we should do anything for the ESPv2 case at all without having this discussed in an appropriate forum first.

So please remove that part completely from your submission for now.

Thanks,
--
Email: Herbert Xu herb...@gondor.apana.org.au
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt