IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Even more ways to fix the cbc-mode attack
Since TLS has the same CBC attack problem, I attended that WG...
Eric Rescorla mentioned a few ideas which had been kicked around on
TLS for fixing the problem.
In addition to the ones that have been mentioned already either on the
list or in Monday's meeting, there are:
- stream-like modes (CTR, OFB)
- explicit IV
Eric also mentioned two other ideas which allow the continued use of
CBC mode:
- use an implicit pseudorandom IV (i.e., both sides run counter mode
or what have you with a different key just to generate the IV)
- move the MAC to the start of the packet and (somehow) use that as
the IV.
There didn't seem to be consensus in that group on the right answer,
either...
- Bill
Home |
Main Index |
Thread Index |
Old Index