IETF-SSH archive

Re: a more detailed analysis of "known IV" vulnerability.

On Saturday, March 16, 2002, at 07:13, David Wagner wrote:
> I think it's reasonable to conclude that this attack will not
> be the easiest way to break SSH sessions.

This has been my conclusion as well, based largely on
Ross Anderson's paper on how crypto is typically broken.

I believe this rationale should be carefully explained in the SSH RFC.
Otherwise, some readers might get the wrong impression.  Also, it will
help inform those who might re-use the SSH encoding transform without
also maintaining the upper layers that they are in a danger zone.

I'm not sure whether the detailed analysis really belongs in the
core SSH RFCs.  Documenting in some RFC, possibly a parallel RFC
with Informational status, seems eminently reasonable.

Ran