IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: a more detailed analysis of "known IV" vulnerability.
On Thu, Mar 14, 2002 at 11:58:55AM +0100, Niels Möller wrote:
> Wei Dai <weidai%eskimo.com@localhost> writes:
> > 2. By opening 2^24 channels, the attacker can gain control over 8 more
> > bits of the plaintext for 8-byte block size, and 24 more bits for 16-byte
> > block size.
>
> Do implementations allow that? My implementation has an arbitrary
> limit of 2^17 channels per connection. (And channel numbers are
> allocated sequentially).
The attacker does not need to keep all of the channels open. He can open
and close 2^24 channels to iterate through the channel numbers, and just
keep 2^8 channels, each with a different id mod 2^16, open for the attack.
Home |
Main Index |
Thread Index |
Old Index