IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: applying AES-GCM to secure shell: proposed "tweak"
Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> writes:
> Have a look at the source code :-).
Summing line counts of inflate, inflate_fast and inflate_table, I get
some 1134 lines, of quite complex code.
> Also less audited/less exposed to attack and scrutiny. Insert standard open-
> vs. closed-source argument here. The real issue though isn't to try and
> figure out which one is less risky, but a basic "don't do that, then".
I'm of course not seriously considering using a proprietary zlib
implementation. My thinking was rather that maybe, inflate can be
implemented with much less complexity? Either in general, or for the
context that matters for ssh and similar protocols (we can pass a full
ssh message to the decompressor, and we can pass an output buffer
matching the maximum message size. Then most of the state-machinery in
the zlib implementation is unnecessary).
Regards,
/Niels
Home |
Main Index |
Thread Index |
Old Index