IETF-SSH archive


Re: Authenticated cipher modes



In article <4267CC68.5030909%streamsec.se@localhost> you write:
>Ben Harris wrote:
>
>> 2: Feed a counter through a one-way function (either a block cipher or a
>>    hash) to generate the nonce.  This is more expensive (at least if you
>>    use a hash), but saves on network traffic and means that the sequence
>>    number is implicit in the nonce so that it need not be processed by
>>    Helix (though it may as well be, since doing so is cheap).
>
>The obvious solution would be to use a separately keyed instance of 
>Helix as a continuous PRNG. The PRNG seed (i.e. the second Helix key and 
>nonce) could be the initial IV from the NEWKEYS.

Ah yes, of course.  Why didn't I think of that?

-- 
Ben Harris
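
Added example, not part of the archived message and not code from any SSH implementation: option 2 from the quoted text, with HMAC-SHA-256 standing in for the one-way function. The 16-byte nonce length, the sample key and the names derive_nonce and NonceCounter are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

NONCE_LEN = 16        # assumption: 128-bit nonce
SEQ_LIMIT = 2 ** 32   # SSH packet sequence numbers are uint32


def derive_nonce(nonce_key: bytes, seqno: int) -> bytes:
    """Map a packet sequence number to a nonce through a keyed one-way function."""
    if not 0 <= seqno < SEQ_LIMIT:
        # A wrapped counter would repeat a nonce under the same key.
        raise ValueError("sequence number out of range; rekey before it wraps")
    mac = hmac.new(nonce_key, struct.pack(">I", seqno), hashlib.sha256)
    return mac.digest()[:NONCE_LEN]


class NonceCounter:
    """One direction of a connection: the counter is implicit, never sent."""

    def __init__(self, nonce_key: bytes, start: int = 0):
        self._key = nonce_key
        self._seqno = start

    def next_nonce(self) -> bytes:
        nonce = derive_nonce(self._key, self._seqno)
        self._seqno += 1
        return nonce


def demo() -> bool:
    key = bytes(range(32))  # constructed sample key, not from any real exchange
    sender, receiver = NonceCounter(key), NonceCounter(key)
    sent = [sender.next_nonce() for _ in range(1000)]
    received = [receiver.next_nonce() for _ in range(1000)]
    # Both ends agree without the nonce on the wire, and no value repeats.
    return sent == received and len(set(sent)) == len(sent)


if __name__ == "__main__":
    print("nonces agree and are unique:", demo())
```

The range check is the part that matters in practice: once the 32-bit counter would wrap, the same nonce would recur under the same key, so the connection has to rekey first.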


