Re: Terrapin

To: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: Re: Terrapin
From: Alexandre Becoulet <alexandre.becoulet%free.fr@localhost>
Date: Fri, 29 Dec 2023 12:03:23 +0100

> Why *does* EtM-OpenSSH send packet lengths in the clear?  I had to add a pile
> of special-snowflake processing for that, no other mode needs this meaning
> there's extra code paths to test and potentially have vulnerabilities in.

This is needed to find the location of the MAC at the end of the
packet so that it can be verified before the packet is deciphered.
AEAD ciphers tend to have the length field in clear for the same
reason. chacha20-poly1305 uses an additional encryption pass to
process the length field separately.

-- 
Alexandre
https://www.nongnu.org/libassh/

Follow-Ups:
- Re: Terrapin
  - From: Mouse

References:
- Re: Terrapin
  - From: Mouse
- Re: Terrapin
  - From: Simon Tatham
- Re: Terrapin
  - From: Peter Gutmann

Prev by Date: Re: Terrapin
Next by Date: Re: Terrapin
Previous by Thread: Re: Terrapin
Next by Thread: Re: Terrapin
Indexes:

Home | Main Index | Thread Index | Old Index