Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:20 ADT
Ryan Anderson (ryan@michonline.com)
Mon, 11 May 1998 16:36:27 -0400 (EDT)
On Mon, 11 May 1998, Mordechai Ovits wrote:
> > In the Rivest's paper you transmit, indeed, all the 2^n plaintexts for a
> > n bit length };-).
>
> Not so. In his paper (before the package tranform stuff), he had the following expansion.
Note that any of the 2^n plaintexts cna be reconstructed from the
following sequence of triples. (Assuming no knowledge of the MAC. The
attacker has no idea which of each pair of triples related to each
sequence is correct, so he must search every possibility, which turns out
to be each of the 2^n plaintexts.)
> Assuming a 32 bit serial number and a 160 bit MAC, n bits would expand to 388n.
> This is because Ron is sending it out like this:
> quote from http://theory.lcs.mit.edu/~rivest/chaffing.txt
> >To make this clearer with an example, note that the adversary
> >will see triples of the form:
> > (1,0,351216)
> > (1,1,895634)
> > (2,0,452412)
> > (2,1,534981)
> > (3,0,639723)
> > (3,1,905344)
> > (4,0,321329)
> > (4,1,978823)
Ryan Anderson
PGP fp: 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:17:20 ADT