IETF-SSH archive
Re: des-cbc cipher
On Wed, 28 Nov 2001, RJ Atkinson wrote:
> Kindly answer the question posed. Are we saving bytes ?
Your question was not posed to me, but since you asked: I would
prefer that we do not make further unnecessary changes to the drafts
at this late stage, especially when such changes are obviously
controversial.
> Or is your goal to make it impossible for folks to use DES-CBC
> because you think you know more than they do about their situation
> and threat environment ?
The protocol includes an extension mechanism which allows you to
implement des-cbc for those few cases where it may be appropriate.
There is nothing stopping you, or another interested party from
agreeing on an implementation and advancing that separately.
> And by the way, all algorithms are insecure.
Some are even more insecure than others.
> attacks on SSHv2 aren't brute force and don't vary with the algorithm
> in use (try reading Ross Anderson's paper on "Why Cryptosystems Fail"
> if any of this seems confusing).
If there are feasible attacks against the protocol which require a
similar or lesser order of work than breaking DES, then I'd certainly
like to know about them - please share.
-d
--
| By convention there is color, \\ Damien Miller <djm%mindrot.org@localhost>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)