[86706] in cryptography@c2.net mail archive
Re: More info in my AES128-CBC question
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Fri Apr 27 22:18:38 2007
Date: Fri, 27 Apr 2007 16:30:21 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "Leichter, Jerry" <leichter_jerrold@emc.com>
Cc: Hagai Bar-El <info@hbarel.com>, Aram Perez <aramperez@mac.com>,
Cryptography <cryptography@metzdowd.com>
In-Reply-To: <Pine.SOL.4.61.0704271629440.21523@mental>
On Fri, Apr 27, 2007 at 05:13:44PM -0400, Leichter, Jerry wrote:
> What the RFC seems to be suggesting is that the first block of every
> message be SSH_MSG_IGNORE. Since the first block in any message is now
> fixed, there's no way for the attacker to choose it. Since the attacker
SSH_MSG_IGNORE messages carry [random] data.
Effectively what the RFC is calling for is a confounder.
Nico
--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
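The confounder idea in the reply above, as an added example that is not part of the original thread or of any SSH implementation: CBC with a chained IV (the last ciphertext block of the previous packet, already visible on the wire) is run with no prefix, with a constant prefix, and with a random prefix modelling the payload of an SSH_MSG_IGNORE packet. The 16-byte Feistel permutation built on SHA-256 is a constructed stand-in for AES-128 so the code runs with only the standard library; the names `encrypt_packet`, `first_data_block_repeats`, `unpack` and the key and payload values are assumptions of this example, not SSH's.

```python
import hashlib
import os

BLOCK = 16      # AES-128 block size in bytes
ROUNDS = 4


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, half, r):
    # Round function of the toy cipher: SHA-256 keyed by the cipher key and round number.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK // 2]


def block_encrypt(key, block):
    # Toy 16-byte Feistel permutation standing in for AES-128 (constructed for this
    # example; not SSH's cipher). Only the CBC chaining around it matters here.
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in range(ROUNDS):
        L, R = R, _xor(L, _round(key, R, r))
    return L + R


def block_decrypt(key, block):
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in reversed(range(ROUNDS)):
        L, R = _xor(R, _round(key, L, r)), L
    return L + R


def cbc_encrypt(key, iv, data):
    """Plain CBC; data must be a whole number of blocks (SSH pads packets to that)."""
    assert len(data) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


def encrypt_packet(key, chain_iv, payload, filler=b""):
    """One SSH-style packet. chain_iv is the last ciphertext block of the previous
    packet (the chained IV of SSH's CBC modes), so it is already visible on the wire
    before this payload is chosen. filler models the body of an SSH_MSG_IGNORE
    packet sent immediately before the payload."""
    return cbc_encrypt(key, chain_iv, filler + payload)


def no_filler():
    return b""


def constant_filler():
    # Fixed, publicly known bytes: a non-random SSH_MSG_IGNORE adds nothing.
    return bytes(BLOCK)


def random_filler():
    # The bracketed [random] in the reply: fresh bytes nobody can predict.
    return os.urandom(BLOCK)


def first_data_block_repeats(key, chain_iv, payload, make_filler):
    """Encrypt the same payload twice behind the same known chain_iv and report
    whether the first ciphertext block that carries real payload repeats.
    A repeat means that block is a deterministic function of the visible chain_iv
    and the (possibly attacker-chosen) payload; a random confounder breaks the repeat."""
    f1, f2 = make_filler(), make_filler()
    c1 = encrypt_packet(key, chain_iv, payload, f1)
    c2 = encrypt_packet(key, chain_iv, payload, f2)
    return c1[len(f1):len(f1) + BLOCK] == c2[len(f2):len(f2) + BLOCK]


def unpack(key, chain_iv, ciphertext, filler_len):
    """Receiver side: decrypt, then discard the ignored filler bytes."""
    return cbc_decrypt(key, chain_iv, ciphertext)[filler_len:]


KEY = b"constructed key!"          # 16 bytes, constructed for the example
CHAIN_IV = b"\x00" * BLOCK         # last ciphertext block of the previous packet
PAYLOAD = b"chosen plaintext"      # 16 bytes, constructed for the example

if __name__ == "__main__":
    for name, mk in (("no filler", no_filler), ("constant filler", constant_filler),
                     ("random filler", random_filler)):
        print(f"{name:16s} first data block repeats: "
              f"{first_data_block_repeats(KEY, CHAIN_IV, PAYLOAD, mk)}")
```

Only the random filler makes the first data-carrying block differ between two encryptions of the same payload behind the same chained IV; a constant SSH_MSG_IGNORE body leaves the block as predictable as sending nothing, which is why the reply stresses that the ignored data is random. The receiver just drops the filler after decryption, so the confounder costs one block of bandwidth and no protocol change.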