Re: des-cbc cipher

To: Darren Moffat <Darren.Moffat%eng.sun.com@localhost>
Subject: Re: des-cbc cipher
From: RJ Atkinson <rja%inet.org@localhost>
Date: Wed, 28 Nov 2001 20:44:33 -0500

At 20:08 28/11/01, Darren Moffat wrote:
>Only the SSHv2 client and server software from SSH Inc supports 
>DES-CBC all other support the mandatory 3DES-CBC algorithm.  

Not relevant to my point in any event.  And I think that's wrong
anyway, since I know of at least one other that supports DES-CBC.

>Since any compliant implementation MUST have 3DES-CBC they will always
>interoperate providing the admin doesn't turn off 3DES.

Nope.  Interoperability here means able to talk DES-CBC when desired
to with another implementation that supports DES-CBC.

Note that it buys absolutely zero benefit to the user to leave DES-CBC
undocumented.  It won't make folks use 3DES, for example.  It just means
that the poor sod trying to implement a fully interoperable SSHv2 
client/server will have to try to reverse engineer the details unique
to DES-CBC.  If folks are having religion about DES-CBC, put the few
relevant details in an Appendix, mark it as purely informational or
even not recommended, but don't omit documentation that's already known
to the community...

Oh, and yes, I have commit access to an SSHv2 implementation, 
so please count these as implementer comments.

Ran
rja%inet.org@localhost

References:
- Re: des-cbc cipher
  - From: Darren Moffat

Prev by Date: Re: des-cbc cipher
Next by Date: Re: des-cbc cipher
Previous by Thread: Re: des-cbc cipher
Next by Thread: Re: des-cbc cipher
Indexes:

Home | Main Index | Thread Index | Old Index