Thus spake Wei Dai:
> I'll note that using CTR mode is more efficient than either of these
> suggestions. It doesn't require unpredictable IVs.

...

> Good point. If we want to fix SSH by using a per-packet unpredictable IV,
> the IV would have to be added to the list of MAC inputs. I think that
> would prevent the attack in appendix C.

So is the correct approach to fix the CBC implementation, or to switch to a
mode that is less prone to misuse?

> I'm not very familiar with how IETF working groups work, so what's the
> next step here?

Someone writes an internet-draft (i.e. RFC format) describing the change.

S

-- 
Stephen Sprunk    "So long as they don't get violent, I want to
CCIE #3723         let everyone say what they wish, for I myself have
K5SSS              always said exactly what pleased me."  --Albert Einstein
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                              [EMAIL PROTECTED]
Automated List Manager                                [EMAIL PROTECTED]