IETF-SSH archive


Re: draft-miller-secsh-umac-00.txt



>> [...save and restore virtual machine state...]
> Many of the SSH algorithms break in those circumstances.  For
> instance, any stream cipher (including block ciphers in SDCTR mode)
> will leak hugely if the keystream gets reused.

Only if the datastream isn't.  (Perhaps fortunately, the data stream is
likely to be identical to the original in such a case...at least long
enough for the connection to be torn down.)

> In general, I think SSH assumes that time is linear, and isn't
> designed to work in the presence of forking time-streams.  This
> should probably have been mentioned in its Security Considerations.

"Security considerations: this program assumes it is operating in a
space-time continuum with only one time dimension." :-)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse%rodents.montreal.qc.ca@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
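
The keystream-reuse point argued in this exchange, as an added example that is not part of the original messages: a counter-mode cipher state is snapshotted and restored, and the two timelines then encrypt either the same or different data. HMAC-SHA256 stands in for the block cipher in SDCTR mode, and the class, function names and sample plaintexts are hypothetical, constructed for illustration.

```python
import hashlib
import hmac


def keystream(key: bytes, counter: int, length: int) -> bytes:
    """Counter-mode keystream; HMAC-SHA256 is an assumed stand-in for the block cipher."""
    out = bytearray()
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class CtrState:
    """Per-direction cipher state, i.e. what a VM snapshot would capture."""

    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def encrypt(self, plaintext: bytes) -> bytes:
        ks = keystream(self.key, self.counter, len(plaintext))
        self.counter += -(-len(plaintext) // 32)  # advance by whole 32-byte blocks
        return xor(plaintext, ks)

    def snapshot(self) -> "CtrState":
        return CtrState(self.key, self.counter)


def fork_and_compare(p_original: bytes, p_restored: bytes) -> bytes:
    """Return c1 XOR c2, which is what an observer of both timelines can compute."""
    live = CtrState(b"constructed-session-key")
    live.encrypt(b"traffic sent before the snapshot")
    restored = live.snapshot()            # VM state saved here, restored later
    c1 = live.encrypt(p_original)         # original timeline
    c2 = restored.encrypt(p_restored)     # restored timeline reuses the counter
    return xor(c1, c2)


if __name__ == "__main__":
    same = b"identical replayed datastream"
    print(fork_and_compare(same, same).hex())   # all zero: nothing beyond equality
    print(fork_and_compare(b"password: hunter2 ", b"password: letmein ").hex())
```

When the datastreams match, the observer sees two identical ciphertexts; when they differ, the keystream cancels and the XOR of the two plaintexts is exposed.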


