IETF-SSH archive


Re: applying AES-GCM to secure shell: proposed "tweak"



nisse%lysator.liu.se@localhost (Niels Möller) writes:

>Is it primarily the attack surface of inflate (uncompressing) untrusted data
>that worries you, or also deflate (compressing)?

Purely inflate.  I'd be kinda surprised if you could cause problems with input
data, at best you can cause O( n^2 ) behaviour until the hash chain truncation
takes effect.

>* Inflate should be inherently less complex to implement than deflate,

Have a look at the source code :-).

>* I'm aware of an alternative (but unfortunately proprietary) implementation
>of inflate that is claimed to be smaller and simpler than the original one in
>zlib.

Also less audited/less exposed to attack and scrutiny.  Insert standard open-
vs. closed-source argument here.  The real issue though isn't to try and
figure out which one is less risky, but a basic "don't do that, then".

Peter.



