PolfaJelfa said:
You are talking about people using the Cylindrical values ..used to verify the acuracy among other methods? You can not decrypt anything from that...tha tin itself is protected by diferent validations. Iven if you were to un-encrypt a section you still would not know jakc as the encryption is made in a way as all info is scrambled an d kept at diferent "sectors".
I know what i know bro, so do you. I see we will not be able to come to an agreement.
We're not going to agree simply because you're wrong...
The cbc mode attacks are also problematic in ipsec technlogy as well. PGP isn't the nly thing effected. CBC mde encryption is just flawed. Which is exactly what Ive been trying to say all along. Encrypted data is NOT infallable.
here are the same trubles in IPSEC land
CVE number: CAN-2005-0039
IPsec consists of several separate protocols; these include:
* Authentication Header (AH): provides authenticity guarantees for packets, by attaching strong
cryptographic checksum to packets.
* Encapsulating Security Payload (ESP): provides confidentiality guarantees for packets, by
encrypting packets with encryption algorithms. ESP also provides optional authentication
services
for packets.
* Internet Key Exchange (IKE): provide ways to securely negotiate shared keys.
AH and ESP has two modes of use: transport mode and tunnel mode. With ESP in tunnel mode, an IP
packet (called the inner packet) is encrypted in its entirety and is used to form the payload of
a new packet (called the outer packet); ESP typically uses CBC-mode encryption to provide
confidentiality. However, without some form of integrity protection, CBC-mode encrypted
data is vulnerable to modification by an active attacker.
By making careful modifications to selected portions of the payload of the outer packet, an
attacker can effect controlled changes to the header of the inner (encrypted) packet. The modified
inner packet is subsequently processed by the IP software on the receiving security gateway or the
endpoint host; the inner packet, in cleartext form, may be redirected or certain error messages
may be produced and communicated by ICMP. Because of the design of ICMP, these messages directly
reveal cleartext segments of the header and payload of the inner packet. If these messages can be
intercepted by an attacker, then plaintext data is revealed.
Attacks exploiting these vulnerabilities rely on the following:
* Exploitation of the well-known bit flipping weakness of CBC mode encryption.
* Lack of integrity protection for inner packets.
* Interaction between IPsec processing and IP processing on security gateways and end hosts.
These attacks can be fully automated so as to recover the entire contents of multiple
IPsec-protected inner packets.
In more detail, the three identified attacks on ESP in tunnel mode when integrity protection is not
present work as follows:
1. Destination Address Rewriting
* An attacker modifies the destination IP address of the encrypted (inner) packet by bit-
flipping in the payload of the outer packet.
* The security gateway decrypts the outer payload to recover the (modified) inner packet.
* The gateway then routes the inner packet according to its (modified) destination IP address.
* If successful, the "plaintext" inner datagram arrives at a host of the attacker's choice.
2. IP Options
* An attacker modifies the header length of the encrypted (inner) packet by bit-flipping in the
payload of the outer packet.
* The security gateway decrypts the outer payload to recover the (modified) inner packet.
* The gateway then performs IP options processing on the inner packet because of the modified
header length, with the first part of the inner payload being interpreted as options bytes.
* With some probability, options processing will result in the generation of an ICMP "parameter
problem" message.
* The ICMP message is routed to the now modified source address of the inner packet.
* An attacker intercepts the ICMP message and retrieves the "plaintext" payload of the inner
packet.
3. Protocol Field
* An attacker modifies the protocol field and source address field of the encrypted (inner)
packet by bit-flipping in the payload of the outer packet.
* The security gateway decrypts the outer payload to recover the (modified) inner packet.
* The gateway forwards the inner packet to the intended recipient.
* The intended recipient inspects the protocol field of the inner packet and generates an ICMP
"protocol unreachable" message.
* The ICMP message is routed to the now modified source address of the inner packet.
* An attacker intercepts the ICMP message and retrieves the "plaintext" payload of the inner
packet.
The attacks are probabilistic in nature and may need to be iterated many times in a first phase in
order to be successful. Once this first phase is complete, the results can be reused to efficiently
recover the contents of further inner packets.
So basically read the exploits and the underlying data before making arguments...
Please Scroll Down to See Forums Below 
