IETF-SSH archive


Re: applying AES-GCM to secure shell: proposed "tweak"



Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> writes:

> Have a look at the source code :-).

Summing line counts of inflate, inflate_fast and inflate_table, I get
some 1134 lines, of quite complex code.

> Also less audited/less exposed to attack and scrutiny.  Insert standard open-
> vs. closed-source argument here.  The real issue though isn't to try and
> figure out which one is less risky, but a basic "don't do that, then".

I'm of course not seriously considering using a proprietary zlib
implementation. My thinking was rather that maybe, inflate can be
implemented with much less complexity? Either in general, or for the
context that matters for ssh and similar protocols (we can pass a full
ssh message to the decompressor, and we can pass an output buffer
matching the maximum message size. Then most of the state-machinery in
the zlib implementation is unnecessary).

Regards,
/Niels
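
The calling convention described in the message above (a complete message in, an output buffer capped at the maximum message size), as an added example that is not part of the original post or of any SSH implementation. Python's zlib module stands in for the simpler inflate being imagined; the MessageInflater class, its method name, make_packets and the sample messages are constructed for illustration, and the 32768-byte limit is the uncompressed payload size RFC 4253 requires every implementation to accept.

```python
import zlib

# Uncompressed payload size every SSH implementation must accept (RFC 4253, section 6.1).
MAX_PAYLOAD = 32768

class MessageInflater:
    """Hypothetical per-connection decompressor fed one whole message per call.

    The deflate history window persists between calls, since SSH compresses
    the connection as one stream, but the caller never resumes a
    half-finished message.
    """

    def __init__(self, max_out=MAX_PAYLOAD):
        self._z = zlib.decompressobj()
        self._max = max_out

    def inflate_message(self, compressed):
        # Request one byte more than allowed so "exactly at the limit"
        # and "over the limit" can be told apart.
        out = self._z.decompress(compressed, self._max + 1)
        if len(out) > self._max or self._z.unconsumed_tail:
            # The stream is now desynchronized; the caller should drop the connection.
            raise ValueError("decompressed message exceeds maximum size")
        return out

def make_packets(messages):
    """Constructed sender side: one sync-flushed chunk per message."""
    c = zlib.compressobj()
    return [c.compress(m) + c.flush(zlib.Z_SYNC_FLUSH) for m in messages]

if __name__ == "__main__":
    # Constructed sample traffic: two ordinary messages, then an oversized one.
    packets = make_packets([b"ls -l\n", b"ls -l /tmp\n", b"\x00" * 1_000_000])
    rx = MessageInflater()
    for p in packets:
        try:
            print(len(p), "->", len(rx.inflate_message(p)))
        except ValueError as e:
            print(len(p), "-> rejected:", e)
```

The oversized message compresses to a small fraction of its expanded size, which is why the cap is enforced on the output side rather than on the length of the compressed input.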


