avoiding replay attack resistance w/o seq nos or challenge response

Major Variola (ret) mv at cdc.gov
Mon Nov 28 22:00:24 PST 2005

I'm interested in avoiding replay attacks on a protocol that uses UDP.
Assume a secret key is shared.

As far as I can tell, it is *fundamental*  that you use
either sequence numbers for a series of packets, or perform a
challenge-response handshake for each packet.  (The latter is
essentially a "sequence" of length 1
re-established for each packet)

Both methods require the maintenance of some state, essentially
creating a "session", although that state is just the active sequence
(and a window given UDPs un-ordering), not a whole moby IPSEC security

Yes, I'm aware that if you use UDP you end up reinventing TCP...

My question is, are there less well known methods, or is this
fundamentally *imposed* by replay attack resistance, by virtue of what
it means to
"re-play"?  (Which is my suspicion)

More information about the cypherpunks-legacy mailing list