-----BEGIN PGP SIGNED MESSAGE----- In article <Pine.3.89.9512071804.A21520-0100000@unicorn.com>, Rev. Mark Grant <mark@unicorn.com> wrote:

I think he means you shouldn't use a stream cipher like RC4 that XORs the plaintext with the generated keystream, since if you know part of the plaintext, you can XOR those bytes with (the id you want) XOR (the id being sent) and change the encrypted data so that the payment goes into your account and not theirs.

Right. RC4 encryption doesn't provide message integrity. And I should mention that block ciphers like DES in chaining modes like CBC don't provide message integrity either -- it's a bit harder, but an active attacker can still tamper with the ciphertext to modify the plaintext in a predictable way, like with RC4. I admit it's a more difficult to mount this attack against a block cipher in chaining mode, and the success probability may go down (depending on the circumstances), but hey! paranoia is your friend; and my point remains valid: Don't count on encryption to give you message integrity. If you need message integrity, use a MAC. If you want a citation for this basic crypto design principle, I'll be happy to provide one.

This is a tough, but potentially feasible attack if you use that kind of encryption scheme.

Tough!? It's trivial for an active attacker, in the stream cipher case. He just xors some bits: no clever cryptanalysis needed. (Or did you mean it's tough to mount an active attack? I agree: that requires significant knowledge or motivation.)

Is there anywhere that you could use a similar attack on SSL ?

Not in SSL v3.0; it explicitly uses a (cryptographically strong) MAC (message authentication code) on each message to prevent tampering and modification. Dave Wagner, speaking for himself, but thankful for all those behind the scenes who are helping to improve and open up Digicash communications. - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBMMdVCCoZzwIn1bdtAQHEvQF/c1wmuVWCpmMo+4jY0cNlrrKD/5vYb/st xC2dFLgb1ydJm6kfWRw0Hz8vF55tzj9t =N+Gr -----END PGP SIGNATURE-----