IETF-SSH archive


Re: applying AES-GCM to secure shell: proposed "tweak"



On Thu, Apr 09, 2009 at 03:27:30PM +1200, Peter Gutmann wrote:
> Nicolas Williams <Nicolas.Williams%sun.com@localhost> writes:
> 
> >The fact that SSHv2 encrypts the packet length has been a cause of a
> >significant protocol security vulnerability.  Let's kill this
> >encrypt-the-packet-length notion.
> 
> If we're going to make this change, could we also consider moving *all*
> ciphers to nonencrypted lengths?  This currently requires horribly complex

Not with a flag day.  Implementors will have to keep implementing the
old thing for a long time.

Nico
-- 



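What "nonencrypted lengths" look like in practice, as an added example that is not part of this thread and not code from any SSH implementation: it follows the layout RFC 5647 specifies for AES-GCM in SSH (the 4-byte packet_length sent in the clear but fed to GCM as AAD, only padding_length || payload || padding encrypted, 16-byte tag), using Go's standard library; the key and nonce are constructed for the example, and the helper names are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// newSSHGCM wraps an AES key in GCM (example helper, not from any SSH implementation).
func newSSHGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealPacket lays one packet out as RFC 5647 describes: packet_length (4 bytes)
// is sent in the clear but is the AAD, so the tag still covers it; only
// padding_length || payload || padding is encrypted. Returns length || ciphertext || tag.
func sealPacket(aead cipher.AEAD, nonce, payload []byte) []byte {
	padLen := 16 - (4+1+len(payload))%16 // RFC 4253: block multiple, at least 4 bytes
	if padLen < 4 {
		padLen += 16
	}
	plain := append([]byte{byte(padLen)}, payload...)
	plain = append(plain, make([]byte, padLen)...) // zero padding here; real code uses random bytes
	length := make([]byte, 4)
	binary.BigEndian.PutUint32(length, uint32(len(plain)))
	return aead.Seal(append([]byte{}, length...), nonce, plain, length)
}

// openPacket is the receiver side: it frames the packet from the cleartext length
// without decrypting anything, then verifies the tag, which also covers that length.
func openPacket(aead cipher.AEAD, nonce, wire []byte) ([]byte, error) {
	if len(wire) < 4+aead.Overhead() ||
		uint64(binary.BigEndian.Uint32(wire[:4]))+4+uint64(aead.Overhead()) != uint64(len(wire)) {
		return nil, errors.New("packet_length does not match bytes received")
	}
	plain, err := aead.Open(nil, nonce, wire[4:], wire[:4])
	if err != nil {
		return nil, err // authentication failed: the length or body was altered
	}
	if len(plain) == 0 || int(plain[0]) < 4 || int(plain[0]) >= len(plain) {
		return nil, errors.New("bad padding_length")
	}
	return plain[1 : len(plain)-int(plain[0])], nil
}
```

The receiver never has to decrypt a block to learn how many bytes to read, and a modified length field is still caught by the tag check because the length is authenticated data.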