Lost in translation: theory and practice in cryptography
- 30 May 2006
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Security & Privacy
- Vol. 4 (3) , 69-72
- https://doi.org/10.1109/msp.2006.74
Abstract
The perils of using encryption without authentication or integrity protection are well known in the cryptographic research community. Yet its exactly the mandatory support for unauthenticated encryption that forms the basis of a serious security flaw in an IPsec implementation we recently discovered. In response, the UK's equivalent to CERT, the National Infrastructure Coordination Centre published a vulnerability advisory about the flaw. Vendors also issued updated recommendations to customers, and we saw a flurry of discussion on Slash-dot and the sci.crypt newsgroup. In the aftermath, we asked ourselves, how did this happen?Keywords
This publication has 4 references indexed in Scilit:
- Cryptography in Theory and Practice: The Case of Encryption in IPsecPublished by Springer Nature ,2006
- Breaking and provably repairing the SSH authenticated encryption schemeACM Transactions on Information and System Security, 2004
- IP Encapsulating Security Payload (ESP)Published by RFC Editor ,1998
- Security Architecture for the Internet ProtocolPublished by RFC Editor ,1998