RE: [Cfrg] how to guard against VM rollbacks
"Wei Dai" <weidai@weidai.com> Thu, 01 February 2007 16:54 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HCfCo-0006hS-7z; Thu, 01 Feb 2007 11:54:38 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HCfCm-0006hJ-Oh for cfrg@irtf.org; Thu, 01 Feb 2007 11:54:36 -0500
Received: from py-out-1112.google.com ([64.233.166.177]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HCfCY-0001QI-FE for cfrg@irtf.org; Thu, 01 Feb 2007 11:54:36 -0500
Received: by py-out-1112.google.com with SMTP id a73so302033pye for <cfrg@irtf.org>; Thu, 01 Feb 2007 08:54:22 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:from:to:references:in-reply-to:subject:date:message-id:mime-version:content-type:content-transfer-encoding:x-mailer:thread-index:content-language:sender; b=RrB8TlLXMffRQmuhsHAz+u8oOcjVQgT/tEelxyboHzFrrlGExnHbOcoaMLxYJPDMigRZkWQ2fjH6McqwhW/jrkkNAD5xI0qEnKA0Fw0vU1C+ha5KOd56iuzzUHFNkB8hUaVXTxe4MAMBw8Uv+1xfscnm4M0vAxVL62MDeNhFSUY=
Received: by 10.35.54.1 with SMTP id g1mr4562612pyk.1170348862020; Thu, 01 Feb 2007 08:54:22 -0800 (PST)
Received: from weidaim1 ( [61.149.29.60]) by mx.google.com with ESMTP id 38sm10981293nza.2007.02.01.08.54.19; Thu, 01 Feb 2007 08:54:21 -0800 (PST)
From: Wei Dai <weidai@weidai.com>
To: 'pgut001' <pgut001@cs.auckland.ac.nz>, cfrg@irtf.org
References: <09e601c73607$f73d7720$0300a8c0@weidai.com> <E1HBq5A-00022a-00@medusa01.cs.auckland.ac.nz>
In-Reply-To: <E1HBq5A-00022a-00@medusa01.cs.auckland.ac.nz>
Subject: RE: [Cfrg] how to guard against VM rollbacks
Date: Fri, 02 Feb 2007 00:54:09 +0800
Message-ID: <000c01c74621$9bba6e60$d32f4b20$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcdEWCHnKOTogPE5QJqo9OHp3braUAByFNYw
Content-Language: en-us
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7d33c50f3756db14428398e2bdedd581
Cc:
X-BeenThere: cfrg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:cfrg@ietf.org>
List-Help: <mailto:cfrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
Errors-To: cfrg-bounces@ietf.org
Peter wrote:

> Several *theoretical* suggestions have been posted. I haven't really
> seen anything that'll work in practice.

There have been several specific and practical suggestions, but they were spread over several messages in the discussion. I'll summarize here:

1. Use random IVs instead of counter or state-derived IVs.

2. For any crypto scheme that uses random numbers or IVs, generate the random numbers/IVs after the message to be encrypted and/or authenticated is fixed.

3. Use the operating system's secure RNG to generate these random numbers/IVs and hash in the current time and/or the message to make sure random numbers are not reused on different messages.

4. As an alternative to 1-3 above, switch to a crypto scheme such as SIV that is specifically designed to tolerate nonce reuse.

_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg
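The following is an added worked example illustrating suggestions 1-3 in the message above; it is not code from the original post, from Wei Dai, or from the CFRG thread. It simulates a guest whose entire state, including its RNG output and its nonce counter, is restored from a snapshot, then encrypts a different message after the rollback. A counter-derived IV repeats, and because the toy stream cipher reuses its keystream, an eavesdropper who XORs the two ciphertexts recovers the XOR of the two plaintexts. An IV derived as in suggestions 2 and 3 (randomness drawn only after the message is fixed, then hashed with the current time and the message) does not repeat for a different message even when the RNG bytes and the timestamp are identical on both sides of the rollback. The SnapshotRng class, the Guest class, the SHA-256-based toy stream cipher, the fixed timestamp and the two messages are all constructed for the demo; the cipher is an illustration of keystream reuse, not a real AEAD, and the SIV alternative (suggestion 4) is not shown.

```python
import copy
import hashlib


class SnapshotRng:
    """Deterministic stand-in for the guest's RNG state (constructed for the
    demo). A VM snapshot captures this state, so after a rollback the guest
    hands out exactly the same "random" bytes again."""

    def __init__(self, seed: bytes) -> None:
        self.state = seed

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(self.state).digest()
            out += self.state
        return out[:n]


class Guest:
    """Minimal guest: a symmetric key, an RNG, and a nonce counter."""

    def __init__(self, key: bytes, rng_seed: bytes) -> None:
        self.key = key
        self.rng = SnapshotRng(rng_seed)
        self.counter = 0

    def snapshot(self) -> "Guest":
        # The hypervisor's snapshot: a full copy of guest state.
        return copy.deepcopy(self)

    def counter_iv(self) -> bytes:
        """State-derived IV: the counter is part of the snapshot, so the
        same value is issued again after a rollback."""
        self.counter += 1
        return self.counter.to_bytes(16, "big")

    def derived_iv(self, message: bytes, now_ns: int) -> bytes:
        """Suggestions 2 and 3: draw randomness only after the message is
        fixed, then hash it with the current time and the message, so two
        different messages never share an IV even if the RNG repeats."""
        r = self.rng.read(32)
        h = hashlib.sha256(r + now_ns.to_bytes(8, "big") + message).digest()
        return h[:16]


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Toy stream cipher keystream (SHA-256 in counter mode), demo only."""
    out = b""
    block = 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    # Stream cipher: encryption and decryption are the same operation.
    return xor(msg, keystream(key, iv, len(msg)))


def run_scenario(use_derived_iv: bool) -> dict:
    """Encrypt one message, roll the VM back to its snapshot, encrypt a
    different message, and report whether the IV repeated and whether
    c1 XOR c2 equals m1 XOR m2 (what a passive attacker recovers)."""
    key = b"K" * 32
    live = Guest(key, rng_seed=b"constructed-seed")
    snap = live.snapshot()

    # Constructed messages of equal length and a fixed constructed timestamp.
    # Keeping the timestamp identical on both sides of the rollback is the
    # worst case for the derived IV: only the message mix-in separates them.
    m1 = b"transfer 100 to alice  "
    m2 = b"transfer 900 to mallory"
    now_ns = 1_170_348_862_000_000_000

    iv1 = live.derived_iv(m1, now_ns) if use_derived_iv else live.counter_iv()
    c1 = encrypt(key, iv1, m1)

    rolled = snap.snapshot()  # rollback: RNG state and counter restored
    iv2 = rolled.derived_iv(m2, now_ns) if use_derived_iv else rolled.counter_iv()
    c2 = encrypt(key, iv2, m2)

    return {
        "iv_reused": iv1 == iv2,
        "leaks_plaintext_xor": xor(c1, c2) == xor(m1, m2),
    }


if __name__ == "__main__":
    print("counter IV:", run_scenario(use_derived_iv=False))
    print("derived IV:", run_scenario(use_derived_iv=True))
```

The message mix-in is what makes the difference for distinct messages; if the same message were encrypted twice with the same RNG output and timestamp, the derived IV would repeat too, which is why suggestion 3 says "on different messages" and suggestion 1 wants genuinely fresh randomness, not a replayable state.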
- RE: [Cfrg] how to guard against VM rollbacks Hallam-Baker, Phillip
- Re: [Cfrg] how to guard against VM rollbacks Wei Dai
- Re: [Cfrg] how to guard against VM rollbacks Jon Callas
- [Cfrg] how to guard against VM rollbacks Wei Dai
- [Cfrg] Re: how to guard against VM rollbacks Wei Dai
- Re: [Cfrg] how to guard against VM rollbacks Hal Finney
- [Cfrg] how to ensure unpredictability (or non-rep… zooko
- Re: [Cfrg] how to guard against VM rollbacks Peter Gutmann
- Re: [Cfrg] how to guard against VM rollbacks Wei Dai
- Re: [Cfrg] how to guard against VM rollbacks Wei Dai
- Re: [Cfrg] how to guard against VM rollbacks Ariel Waissbein
- Re: [CFRG] how to guard against VM rollbacks Phillip Rogaway
- Re: [Cfrg] how to guard against VM rollbacks Paul Hoffman
- Re: [Cfrg] how to guard against VM rollbacks Peter Gutmann
- Re: [Cfrg] how to guard against VM rollbacks Hal Finney
- Re: [Cfrg] how to guard against VM rollbacks Wei Dai
- Re: [Cfrg] how to guard against VM rollbacks Ariel Waissbein
- Re: [Cfrg] how to guard against VM rollbacks Mark Baugher
- RE: [Cfrg] how to guard against VM rollbacks Hallam-Baker, Phillip
- Re: [Cfrg] how to guard against VM rollbacks Hal Finney
- [Cfrg] Re: how to guard against VM rollbacks Simon Josefsson
- Re: [Cfrg] Re: how to guard against VM rollbacks Hal Finney
- Re: [Cfrg] Re: how to guard against VM rollbacks Steven M. Bellovin
- Re: [Cfrg] Re: how to guard against VM rollbacks Jon Callas
- [Cfrg] RE: how to guard against VM rollbacks Hallam-Baker, Phillip
- RE: [Cfrg] Re: how to guard against VM rollbacks Hallam-Baker, Phillip
- RE: [Cfrg] Re: how to guard against VM rollbacks Hallam-Baker, Phillip
- [Cfrg] Re: how to guard against VM rollbacks Simon Josefsson
- Re: [Cfrg] Re: how to guard against VM rollbacks Hal Finney
- Re: [Cfrg] Re: how to guard against VM rollbacks Mark Baugher
- Re: [Cfrg] how to guard against VM rollbacks Peter Gutmann
- RE: [Cfrg] how to guard against VM rollbacks Wei Dai
- Re: [Cfrg] how to guard against VM rollbacks Wei Dai
- Re: [Cfrg] how to guard against VM rollbacks David McGrew