Re: [LinkSec] Factoid: MIC size
"Walker, Jesse" wrote:
>
> Russ and Marcus,
>
> I am confused by this discussion. Let n be the size of the MIC in bits, and assume that the MIC has the standard properties. Then the probability that a randomly generated message will have a valid MIC is 1/2^n.
>
> To apply the birthday attack, the adversary must create and send O(2^(n/2)) different messages, i.e., the adversary must generate and send about 2^(n/2) random messages before there is a 50% probability for one to succeed. This does not imply you have to change keys frequently. Indeed, changing keys does not increase immunity to the attack. All it says is how often to expect a successful forgery, independent of the MIC key used.
>
Cerebral flatulence on my part?
I was conflating the sequence-number protections I'm used to in
IPSec (must re-key before the sequence space exhausts, or you're
hosed), with the fact that for high-speed links you need to
have a larger space. That somehow got mixed in with the
"bigger MICs are better".
I apologize to everybody, but I will stand by:
o bigger MICs are better
o for high-speed, bigger sequence numbers are better
(reduces re-key overhead)
To make up for this I humbly offer a new little equation relating human
IQ
deficiency to sleep loss, and number of dependant offspring:
IQ' = (IQ - (N * (8.0 - D)) / (1 + O))
Where N = number of days of sleep loss
D = average deficiency, in hours
O = number of dependant offspring
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M70, MS 012, FITZ
Advisor Phone: (ESN) 393-9145 +1 613
763 9145
Security Architecture and Planning Fax: (ESN) 393-2754 +1 613
763 2754
Nortel Networks mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------