IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: applying AES-GCM to secure shell: proposed "tweak"
>>> There has been a security vulnerability [...]
>> Thanks. Do you have a pointer to more details?
> http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
Got a pointer to anything that actually describes the attack? That
page describes only the effect of the attack, not the mechanism, and
makes claims that seem dubious to me ("an arbitrary, attacker-selected
block of ciphertext", claims that only CBC mode is affected, and the
claims here that it's due to encrypting packet lengths - these sound
unlikely to me to all be true - but of course that likely just means
I'm missing something, which is why I'm interested in more details).
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index