IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Terrapin



> Why *does* EtM-OpenSSH send packet lengths in the clear?  I had to add a pile
> of special-snowflake processing for that, no other mode needs this meaning
> there's extra code paths to test and potentially have vulnerabilities in.

This is needed to find the location of the MAC at the end of the
packet so that it can be verified before the packet is deciphered.
AEAD ciphers tend to have the length field in clear for the same
reason. chacha20-poly1305 uses an additional encryption pass to
process the length field separately.

-- 
Alexandre
https://www.nongnu.org/libassh/



Home | Main Index | Thread Index | Old Index