Tuesday, May 8, 2018

Re: Request for Comments: Better installed-systems data would really help

Adding a 'hard symmetrical 3-DES' replay resistant MAC
(message authentication code, here) of the response data
$STRING with a well known seed $SEED, whacked with a 'included
in the reply' plaintext, time of post $EPOCH_SECONDS_SINCE_GMT
seems a good way to cut down on IoT devices

$STRING
$EPOCH_SECONDS_SINCE_GMT
$3DES ( $SEED . $STRING . $EPOCH_SECONDS_SINCE_GMT )

We know $SEED, and can derive local $EPOCH_SECONDS_SINCE_GMT
of course

On the receiver on post-process side, one could do a quick
drop on posts more than 15 min off:
$EPOCH_SECONDS_SINCE_GMT
and if one seems to be over-run with forgeries, actually
verify the $3DES decodes correctly for selected IPs

-- Russ herrold
_______________________________________________
council-discuss mailing list -- council-discuss@lists.fedoraproject.org
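
The receiver-side handling proposed in the message above, as an added example that is not part of the original message: a cheap 15-minute window check for every post, with full MAC verification only for selected IPs. Assumptions: HMAC-SHA256 stands in for the 3DES-based MAC (the Python standard library has no 3DES), and the seed value, function names and `suspect_ips` set are hypothetical.

```python
import hashlib
import hmac
import time

SEED = b"constructed-well-known-seed"  # stands in for $SEED (constructed value)
MAX_SKEW = 15 * 60                      # drop posts more than 15 min off

def mac_for(string: str, epoch: str) -> str:
    # MAC over $SEED . $STRING . $EPOCH_SECONDS_SINCE_GMT, with $SEED as the key.
    # HMAC-SHA256 replaces 3DES (assumption); the "\n" delimiter keeps
    # "x1" + "23" distinct from "x" + "123".
    msg = (string + "\n" + epoch).encode()
    return hmac.new(SEED, msg, hashlib.sha256).hexdigest()

def make_post(string: str, now: float) -> str:
    """Sender: emit the three fields, one per line, as in the message."""
    epoch = str(int(now))
    return "\n".join([string, epoch, mac_for(string, epoch)])

def check_post(post: str, src_ip: str, now: float, suspect_ips=frozenset()) -> str:
    """Receiver: return 'ok', 'malformed', 'stale' or 'bad-mac'."""
    parts = post.rsplit("\n", 2)          # $STRING itself may span lines
    if len(parts) != 3:
        return "malformed"
    string, epoch, mac = parts
    if not (epoch.isascii() and epoch.isdigit() and len(epoch) <= 12):
        return "malformed"
    # Cheap first pass: timestamp window only, no crypto.
    if abs(now - int(epoch)) > MAX_SKEW:
        return "stale"
    # Full verification only for sources flagged as sending forgeries.
    if src_ip in suspect_ips:
        expected = mac_for(string, epoch)
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return "bad-mac"
    return "ok"

if __name__ == "__main__":
    now = time.time()
    post = make_post("constructed sample report", now)
    print(check_post(post, "192.0.2.10", now))
```

Because the timestamp is covered by the MAC, a captured post replayed with a rewritten timestamp passes the window check but fails verification once its source IP is in `suspect_ips`.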