
RE: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006



Of course, we would have a very simple way out of this debate by
mandating IPSEC, or more precisely only solving the "session continuity"
problem if IPSEC is used. 

> -----Original Message-----
> From: owner-shim6@psg.com [mailto:owner-shim6@psg.com] On Behalf Of
> Iljitsch van Beijnum
> Sent: Monday, July 24, 2006 2:27 AM
> To: Francis Dupont
> Cc: shim6-wg
> Subject: Re: CGA Use with HBA in Shim6 IETF Meeting July 10, 2006
> 
> On 24-jul-2006, at 10:02, Francis Dupont wrote:
> 
> >    Too weak for what?
> 
> > => direct attack against the hash (the O(2^56)).
> 
> Hm, even if you build a machine that can test 1000 hashes in parallel
> every microsecond, it will take you more than a year on average to find
> a hash collision. And when you've found one, you get to redirect
> traffic, which is only a denial of service attack. If you have enough
> money to build such a hash breaking machine and enough patience to wait
> for it to work, I'm sure other, more dangerous avenues of attack are
> also open to you...
> 
> An interesting issue is that after some 10 million hosts start using
> HBA, there is a 50% chance of two hosts using the same hash, i.e., sort
> of a distributed birthday attack.
> 
>