IETF-SSH archive
Re: [ietf-tls] Re: an attack against SSH2 protocol
Thus spake Wei Dai:
> I'll note that using CTR mode is more efficient than either of these
> suggestions. It doesn't require unpredictable IVs.
...
> Good point. If we want to fix SSH by using a per-packet unpredictable IV,
> the IV would have to be added to the list of MAC inputs. I think that
> would prevent the attack in appendix C.
So is the correct approach to fix the CBC implementation, or to switch
to a mode that is less prone to misuse?
> I'm not very familiar with how IETF working groups work, so what's the
> next step here?
Someone writes an internet-draft (i.e. RFC format) describing the
change.
S
--
Stephen Sprunk
CCIE #3723
K5SSS
"So long as they don't get violent, I want to let everyone say what they wish, for I myself have always said exactly what pleased me." --Albert Einstein