Re: applying AES-GCM to secure shell: proposed "tweak"

To: Damien Miller <djm%mindrot.org@localhost>
Subject: Re: applying AES-GCM to secure shell: proposed "tweak"
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: Thu, 09 Apr 2009 09:22:27 +0200

Damien Miller <djm%mindrot.org@localhost> writes:

> another option, would be encrypting the length field with an
> independently-keyed cipher, but I doubt that it is worth it.

Actually, I think that's clever! It's natural to use somewhat
different mechanisms for data that's fixed size, and data that is of
variable size.

The length field must still be properly autenticted together with the
data, but maybe that is done implicitly with AEAD?

/Niels

References:
- applying AES-GCM to secure shell: proposed "tweak"
  - From: Tim Polk
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Damien Miller

Prev by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Previous by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Indexes:

Home | Main Index | Thread Index | Old Index