IETF-SSH archive


Re: an attack against SSH2 protocol



On Mon, Feb 11, 2002 at 05:02:36PM +0100, Niels Möller wrote:
> Another simple "fix" for CBC might be to add one more encryption
> operation between packets. If one packet consists of the ciphertext
> blocks

I think your fix would be ok, but since it's not backwards compatible it
doesn't seem to have any advantage over defining new ciphers in CTR mode.

> A problem with counter mode is that the FIPS document doesn't define
> it fully; it doesn't say how you should increment the counter, you can
> do it in little endian order or big endian order or using any
> permutation of your choice. Is there any IETF wg that has tried to
> define a single standard way of doing counter mode?

A Google search for "ctr mode rfc" turned up a couple of drafts:

http://www.ietf.org/internet-drafts/draft-mcgrew-saag-icm-00.txt
http://www.vpnc.org/draft-moskowitz-aes128-ctr

I haven't read them yet.
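The interoperability problem raised in the quoted message, as an added example that is not part of the original thread: two CTR implementations that agree on key, IV and cipher but increment the counter in different byte orders produce the same first block and diverge from the second block on. The block cipher is a constructed stand-in (keyed SHA-256 truncated to 16 bytes), since CTR only ever uses the forward direction; key, IV and message are constructed sample values. SSH later settled this in RFC 4344 by treating the counter as a big-endian integer, which is the `incr_big_endian` convention here.

```python
import hashlib

BLOCK = 16  # 128-bit block, as for AES

def block_prf(key: bytes, counter_block: bytes) -> bytes:
    """Stand-in for the block cipher's encrypt direction (constructed, NOT AES):
    keyed SHA-256 truncated to one block. Any fixed-width keyed function shows
    the counter-handling issue equally well because CTR never decrypts blocks."""
    return hashlib.sha256(key + counter_block).digest()[:BLOCK]

def incr_big_endian(ctr: bytes) -> bytes:
    """Counter as a 128-bit big-endian integer, incremented mod 2^128
    (the convention RFC 4344 later fixed for SSH)."""
    return ((int.from_bytes(ctr, "big") + 1) % (1 << 128)).to_bytes(BLOCK, "big")

def incr_little_endian(ctr: bytes) -> bytes:
    """Same arithmetic with ctr[0] as the low-order byte: the other 'choice'
    the quoted message notes the FIPS text does not rule out."""
    return ((int.from_bytes(ctr, "little") + 1) % (1 << 128)).to_bytes(BLOCK, "little")

def ctr_crypt(key: bytes, iv: bytes, data: bytes, incr) -> bytes:
    """CTR mode: keystream block i = E_K(counter_i), XORed with the data.
    Encryption and decryption are the same operation; counter_0 is the IV."""
    out = bytearray()
    ctr = iv
    for off in range(0, len(data), BLOCK):
        keystream = block_prf(key, ctr)
        out.extend(a ^ b for a, b in zip(data[off:off + BLOCK], keystream))
        ctr = incr(ctr)
    return bytes(out)

def interop_check(key: bytes, iv: bytes, plaintext: bytes) -> list:
    """Encrypt with big-endian increment, decrypt with little-endian increment,
    and report per-block agreement with the original plaintext."""
    ct = ctr_crypt(key, iv, plaintext, incr_big_endian)
    back = ctr_crypt(key, iv, ct, incr_little_endian)
    return [plaintext[i:i + BLOCK] == back[i:i + BLOCK]
            for i in range(0, len(plaintext), BLOCK)]

KEY = b"\x01" * 16                 # constructed sample key
IV = b"\x00" * 15 + b"\xff"        # constructed IV; bit 0 of the BE and LE views differ
MSG = b"SSH_MSG_IGNORE.." * 3      # constructed 3-block sample payload

if __name__ == "__main__":
    # Only block 0 survives the mismatch: counter_0 is the IV under both conventions.
    print(interop_check(KEY, IV, MSG))
```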


