[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Checksum (Re: KINK issue list)
At Thu, 27 Jan 2005 20:47:56 -0500,
Ken Raeburn <raeburn@xxxxxxx> wrote:
> > - 2) makes me nervous because I don't know whether it makes some
> > kinds of attacks easy (e.g. adding junk data at the end of payloads
> > in order to collide the checksum).
> How about including length-without-checksum in the calculation of the
> checksum, instead of a zero?
This seems to work.
So current proposed solution is:
- Use required-to-implement checksum type determined by the etype.
- Use get_mic or verify_mic function to generate or verify the checksum.
- Omit the checksum field before calculation.
- The Length field is filled with the packet length without checksum and
the CksumLen field is zeroed out before the calculation.
KAMADA Ken'ichi <kamada@xxxxxxxxxx>