Re: a more detailed analysis of "known IV" vulnerability.

To: daw%mozart.cs.berkeley.edu@localhost (David Wagner)
Subject: Re: a more detailed analysis of "known IV" vulnerability.
From: RJ Atkinson <rja%extremenetworks.com@localhost>
Date: Sat, 16 Mar 2002 13:51:09 -0500


On Saturday, March 16, 2002, at 07:13 , David Wagner wrote:

 I think it's reasonable to conclude that this attack will not
be easiest way to break SSH sessions.


This has been my conclusion as well, based largely on
Ross Anderson's paper on how crypto is typically broken.

I believe this rationale should be carefully explained in the SSH RFC.
Otherwise, some readers might get the wrong impression.  Also, it will
help inform those who might re-use the SSH encoding transform without
also maintaining the upper layers that they are in a danger zone.


I'm not sure whether the detailed analysis really belongs in the
core SSH RFCs.  Documenting in some RFC, possibly a parallel RFC
with Informational status, seems eminently reasonable.

Ran

Follow-Ups:
- Re: a more detailed analysis of "known IV" vulnerability.
  - From: Bill Sommerfeld
- Re: a more detailed analysis of "known IV" vulnerability.
  - From: Damien Miller

References:
- Re: a more detailed analysis of "known IV" vulnerability.
  - From: David Wagner

Prev by Date: Re: a more detailed analysis of "known IV" vulnerability.
Next by Date: Re: a more detailed analysis of "known IV" vulnerability.
Previous by Thread: Re: a more detailed analysis of "known IV" vulnerability.
Next by Thread: Re: a more detailed analysis of "known IV" vulnerability.
Indexes:

Home | Main Index | Thread Index | Old Index