"arcfour-fixes" draft

To: ietf-ssh%netbsd.org@localhost
Subject: "arcfour-fixes" draft
From: Ben Harris <bjh21%bjh21.me.uk@localhost>
Date: Sat, 19 Mar 2005 19:44:23 +0000 (GMT)

As [SSH-TRANS] mentions, its definition of the "arcfour" algorithm suffersfrom weak keys. I've written a specification for a variant of thealgorithm that prevents this by just discarding the beginning of theArcfour keystream. I've posted it as <http://www.ietf.org/internet-drafts/draft-harris-ssh-arcfour-fixes-00.txt>, and invite the WGto comment on it. I think this is at least as important as newmodes, butI appreciate that it may be rather too late to get it turned into a WGdraft.

Incidentally, having read more of Fluhrer and McGrew's paper, I think myrecommendation in the Security Considerations section to rekey every 1G ofdata is useless and I intend to remove it in the next revision. I'll tryto work out some text that describes the real impact of theirdiscriminator to replace it.


--
Ben Harris

Prev by Date: Re: Secure Shell: Milestone Update.
Next by Date: latest drafts
Previous by Thread: Secure Shell: Milestone Update.
Next by Thread: I-D ACTION:draft-ietf-secsh-auth-kbdinteract-07.txt
Indexes:

Home | Main Index | Thread Index | Old Index