IETF-SSH archive


Re: Core draft last call update.



On Thu, Mar 14, 2002 at 08:00:54PM -0800, Wei Dai wrote:
> I was not aware that existing implementations already support CFB/OFB. 
> Apparently this is the case for OpenSSH, but it's not documented anywhere.
> OpenSSH also seems to support ECB mode, which does not make any sense to
> me. BTW, OpenSSH appears to use unregistered reserved names for these
> ciphers, which violates section 5 of the architecture spec. 
You have me confused.  What are you talking about?  Did you look at
the source code?  cipher.c contains the supported ciphers, including
their names as announced during kex init:

        /* name, protocol number, block size, key length, OpenSSL EVP cipher */
        { "3des-cbc",           SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc },
        { "blowfish-cbc",       SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc },
        { "cast128-cbc",        SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc },
        { "arcfour",            SSH_CIPHER_SSH2, 8, 16, EVP_rc4 },
        { "aes128-cbc",         SSH_CIPHER_SSH2, 16, 16, evp_rijndael },
        { "aes192-cbc",         SSH_CIPHER_SSH2, 16, 24, evp_rijndael },
        { "aes256-cbc",         SSH_CIPHER_SSH2, 16, 32, evp_rijndael },

I do not think that any of these ciphers violate any section of
any spec produced by this working group.  Specifically:

   The following ciphers are currently defined:

     3des-cbc         REQUIRED          three-key 3DES in CBC mode
     blowfish-cbc     RECOMMENDED       Blowfish in CBC mode
     twofish256-cbc   OPTIONAL          Twofish in CBC mode,
                                        with 256-bit key
     twofish-cbc      OPTIONAL          alias for "twofish256-cbc" (this
                                        is being retained for
                                        historical reasons)
     twofish192-cbc   OPTIONAL          Twofish with 192-bit key
     twofish128-cbc   RECOMMENDED       Twofish with 128-bit key
     aes256-cbc       OPTIONAL          AES (Rijndael) in CBC mode,
                                        with 256-bit key
     aes192-cbc       OPTIONAL          AES with 192-bit key
     aes128-cbc       RECOMMENDED       AES with 128-bit key
     serpent256-cbc   OPTIONAL          Serpent in CBC mode, with
                                        256-bit key
     serpent192-cbc   OPTIONAL          Serpent with 192-bit key
     serpent128-cbc   OPTIONAL          Serpent with 128-bit key
     arcfour          OPTIONAL          the ARCFOUR stream cipher
     idea-cbc         OPTIONAL          IDEA in CBC mode
     cast128-cbc      OPTIONAL          CAST-128 in CBC mode

Please, explain yourself.

I believe the biggest concern is a further delay of the drafts which
already have been delayed for several years.  None of the attacks that
have been discussed here seem relevant enough to warrant delaying the
drafts for another year.

We can always define more ciphers and modes once the main drafts have
been published.

Niels.
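
The point under dispute above is whether the names OpenSSH announces in its KEXINIT encryption_algorithms name-list are registered names from the transport draft. The following is an added example (not OpenSSH code and not part of the drafts or this thread) that checks an announced name-list against the registered names quoted in the message and runs the negotiation over two lists. It assumes, beyond what the page quotes, the architecture draft's naming convention (a name that is not registered must have the form name@domain; names are US-ASCII, at most 64 bytes, and contain no comma) and the transport draft's negotiation rule (the first name in the client's list that the server also lists wins). The client name-lists below, including "foo-ecb" and "example-cbc@example.org", are constructed for the example.

```python
"""Audit SSH cipher name-lists against the registered names and negotiate.

Added example; REGISTERED_CIPHERS is transcribed from the transport draft's
table quoted in the message, OPENSSH_CIPHERS from the cipher.c fragment.
The name@domain rule and the negotiation rule are assumptions from the
secsh architecture/transport drafts, not stated on the page.
"""
from typing import Optional

REGISTERED_CIPHERS = frozenset({
    "3des-cbc", "blowfish-cbc", "twofish256-cbc", "twofish-cbc",
    "twofish192-cbc", "twofish128-cbc", "aes256-cbc", "aes192-cbc",
    "aes128-cbc", "serpent256-cbc", "serpent192-cbc", "serpent128-cbc",
    "arcfour", "idea-cbc", "cast128-cbc",
})

# Names announced at kex init according to the cipher.c table quoted above.
OPENSSH_CIPHERS = ["3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour",
                   "aes128-cbc", "aes192-cbc", "aes256-cbc"]


def parse_name_list(raw: str) -> list:
    """Split a comma-separated SSH name-list, rejecting malformed names.

    An empty string is a legal empty list; an empty name inside the list,
    a non-ASCII name, or a name longer than 64 bytes is rejected (assumed
    constraints from the architecture draft).
    """
    if raw == "":
        return []
    names = raw.split(",")
    for name in names:
        if name == "":
            raise ValueError("empty name in name-list")
        if len(name) > 64 or not name.isascii() or not name.isprintable():
            raise ValueError("illegal name: %r" % name)
    return names


def classify_name(name: str) -> str:
    """'registered' if in the draft's table, 'local' if of the assumed
    name@domain form, otherwise 'unregistered' (the thing Wei Dai objects to)."""
    if name in REGISTERED_CIPHERS:
        return "registered"
    local, at, domain = name.partition("@")
    if at and local and domain and "@" not in domain and "." in domain:
        return "local"
    return "unregistered"


def audit_name_list(raw: str) -> dict:
    """Map every announced name to its classification."""
    return {name: classify_name(name) for name in parse_name_list(raw)}


def negotiate(client: list, server: list) -> Optional[str]:
    """Assumed negotiation rule: the client's first preference that the
    server also supports; None if there is no common algorithm."""
    server_set = set(server)
    for name in client:
        if name in server_set:
            return name
    return None


if __name__ == "__main__":
    # Constructed client KEXINIT name-list for the demonstration.
    client_raw = "foo-ecb,example-cbc@example.org,aes128-cbc,3des-cbc"
    for name, kind in audit_name_list(client_raw).items():
        print("%-28s %s" % (name, kind))
    print("negotiated:", negotiate(parse_name_list(client_raw), OPENSSH_CIPHERS))
```

Run against the OpenSSH table, every announced name classifies as "registered", which is the check Niels is implicitly making; a name such as "foo-ecb" would be flagged as "unregistered", and a vendor name in the name@domain form as "local". The negotiation helper shows that an unregistered name early in the client's list simply does not match and the first shared registered name wins.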


