IETF-SSH archive
Re: an attack against SSH2 protocol
On Mon, Feb 11, 2002 at 05:02:36PM +0100, Niels Möller wrote:
> Another simple "fix" for CBC might be to add one more encryption
> operation between packets. If one packet consists of the ciphertext
> blocks
I think your fix would be ok, but since it's not backwards compatible it
doesn't seem to have any advantage over defining new ciphers in CTR mode.
> A problem with counter mode is that the FIPS document doesn't define
> it fully; it doesn't say how you should increment the counter, you can
> do it in little endian order or big endian order or using any
> permutation of your choice. Is there any IETF wg that has tried to
> define a single standard way of doing counter mode?
A Google search for "ctr mode rfc" turned up a couple of drafts:
http://www.ietf.org/internet-drafts/draft-mcgrew-saag-icm-00.txt
http://www.vpnc.org/draft-moskowitz-aes128-ctr
I haven't read them yet.
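The ambiguity raised in the quoted paragraph is concrete: two CTR implementations that agree on the cipher, key and initial counter block but increment the counter differently produce identical keystream for the first block and unrelated keystream for every block after it. The following is an added example, not code from the thread or from any SSH implementation. It drives the counter with a pluggable increment function (whole-block big-endian, as SSH later standardised in RFC 4344, versus whole-block little-endian) and shows that only the first 16 bytes survive a mismatch. Because CTR only ever runs the block cipher in the forward direction, HMAC-SHA256 truncated to 16 bytes stands in for AES so the example runs with the Python standard library; the key, IV and plaintext are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per counter block and per keystream block


def block_fn(key: bytes, counter_block: bytes) -> bytes:
    """Stand-in for the block cipher's forward (encrypt) direction.

    CTR mode never decrypts with the block cipher, so any keyed
    pseudorandom function of the counter block demonstrates the mode.
    HMAC-SHA256 truncated to 16 bytes is used instead of AES so this
    runs offline with the standard library; it is NOT a real cipher.
    """
    return hmac.new(key, counter_block, hashlib.sha256).digest()[:BLOCK]


def incr_big_endian(ctr: bytes) -> bytes:
    """Treat the whole block as a big-endian integer, add 1 mod 2^128.

    This is the convention RFC 4344 later chose for SSH counter mode.
    """
    n = (int.from_bytes(ctr, "big") + 1) % (1 << (8 * BLOCK))
    return n.to_bytes(BLOCK, "big")


def incr_little_endian(ctr: bytes) -> bytes:
    """Treat the whole block as a little-endian integer, add 1 mod 2^128."""
    n = (int.from_bytes(ctr, "little") + 1) % (1 << (8 * BLOCK))
    return n.to_bytes(BLOCK, "little")


def ctr_xor(key: bytes, iv: bytes, data: bytes, incr) -> bytes:
    """CTR encrypt/decrypt (the same operation): XOR data with E(ctr_i).

    `incr` is the counter increment rule; the two peers must agree on it.
    """
    out = bytearray()
    ctr = iv
    for off in range(0, len(data), BLOCK):
        keystream = block_fn(key, ctr)
        chunk = data[off:off + BLOCK]
        out.extend(a ^ b for a, b in zip(chunk, keystream))
        ctr = incr(ctr)
    return bytes(out)


def demo():
    """Encrypt with one increment rule, decrypt with both.

    Returns (roundtrip_ok, first_block_ok_on_mismatch, rest_ok_on_mismatch).
    """
    key = b"k" * 16                                   # constructed sample key
    iv = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed IV
    # Constructed plaintext, 56 bytes = 3 full blocks + an 8-byte tail.
    pt = b"SSH_MSG_CHANNEL_DATA: hello ctr mode, three blocks long!"

    ct = ctr_xor(key, iv, pt, incr_big_endian)
    same_rule = ctr_xor(key, iv, ct, incr_big_endian)
    other_rule = ctr_xor(key, iv, ct, incr_little_endian)

    return (
        same_rule == pt,                         # peers agree: full recovery
        other_rule[:BLOCK] == pt[:BLOCK],        # block 0 uses the IV as-is
        other_rule[BLOCK:] == pt[BLOCK:],        # later blocks diverge
    )


if __name__ == "__main__":
    print(demo())
```

The first keystream block depends only on the shared IV, so the mismatch is invisible until the second block; a protocol that only tests short packets would not notice that the peers disagree on the increment rule, which is why the rule has to be pinned down in the specification rather than left to each implementation.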