IETF-SSH archive
Re: Albrecht/Paterson/Watson's attack
Simon Tatham <anakin%pobox.com@localhost> writes:
>The MAC would apply to the ciphertext, and the length would be the full
>length of the ciphertext (or perhaps ciphertext+MAC) in clear.
That's what I'd like to see too. My code, and presumably everyone else's as
well, currently contains a large pile of ad-hockery to kludge around all the
different side-channel attacks you have to worry about with the current way
packet data is handled. Being able to do:
read length;
read that many bytes;
run MAC and accept/reject;
would cut out all of this. The only thing you need to worry about is not
using memcmp() for the MAC check.
Peter.
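The receive path Peter sketches (read the cleartext length, read that many bytes plus the MAC, verify, and only then decrypt), written out as an added example; this is illustration code, not Peter's, Simon's, or any SSH implementation's. It assumes a 32-bit big-endian length field that covers the ciphertext only, an HMAC-SHA256 tag over sequence number, length field and ciphertext, and a toy HMAC-counter-mode keystream standing in for the real cipher (all assumptions for the demo; the keystream is not a production cipher). The MAX_PACKET bound is likewise an assumed value.

```python
import hashlib
import hmac
import struct

MAC_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag
MAX_PACKET = 35000                      # assumed hard bound on ciphertext length


def keystream_xor(key: bytes, seq: int, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, keyed by packet
    sequence number. Stands in for the real SSH cipher; NOT for production."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hmac.new(key, struct.pack(">QQ", seq, block_no), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def compute_mac(mac_key: bytes, seq: int, length_field: bytes, ciphertext: bytes) -> bytes:
    # The MAC covers the sequence number, the cleartext length and the ciphertext,
    # so neither the length nor the ciphertext can be altered without detection.
    msg = struct.pack(">I", seq) + length_field + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal_packet(enc_key: bytes, mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: encrypt, then MAC the ciphertext; the length goes in the clear."""
    ciphertext = keystream_xor(enc_key, seq, payload)
    length_field = struct.pack(">I", len(ciphertext))
    return length_field + ciphertext + compute_mac(mac_key, seq, length_field, ciphertext)


class Receiver:
    """Buffers incoming bytes and returns verified, decrypted payloads."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.buf = b""
        self.seq = 0

    def feed(self, data: bytes) -> list:
        self.buf += data
        payloads = []
        while True:
            # 1. read length: it is in the clear, so nothing is decrypted before
            #    the MAC check and a bogus length is rejected on the spot
            if len(self.buf) < 4:
                break
            length_field = self.buf[:4]
            (ct_len,) = struct.unpack(">I", length_field)
            if ct_len > MAX_PACKET:
                raise ValueError("packet length exceeds limit")
            # 2. read that many bytes, plus the MAC
            total = 4 + ct_len + MAC_LEN
            if len(self.buf) < total:
                break
            ciphertext = self.buf[4:4 + ct_len]
            received_mac = self.buf[4 + ct_len:total]
            # 3. run MAC and accept/reject; constant-time compare, never ==/memcmp
            expected = compute_mac(self.mac_key, self.seq, length_field, ciphertext)
            if not hmac.compare_digest(expected, received_mac):
                raise ValueError("MAC failure")  # fatal: tear the connection down
            # 4. only an authenticated packet is ever decrypted
            payloads.append(keystream_xor(self.enc_key, self.seq, ciphertext))
            self.buf = self.buf[total:]
            self.seq += 1
        return payloads
```

Because the length is authenticated but not encrypted, the receiver never has to act on a decrypted length field, which removes the class of oracle the attack exploits: a flipped ciphertext bit can only produce a MAC failure, never a differently-sized read. The one remaining side channel the text mentions, the tag comparison itself, is closed by hmac.compare_digest.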