On Mon, Feb 11, 2013 at 4:45 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> There have been attacks on SSH based on the fact that portions of the packets
> aren't authenticated, and as soon as the TLS folks stop bikeshedding and adopt
> encrypt-then-MAC I'm going to propose the same thing for SSH, it's such a
> no-brainer it should have been adopted years ago when the first attacks popped
> up.

No need, just deprecate the CBC ciphers from SSHv2 and be done. We do have counter-mode replacements.

Nico
--
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
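
The suggestion in the reply above, dropping the CBC ciphers and keeping the counter-mode ones, as an added example that is not part of the original thread: a small audit of a server cipher list. It assumes an OpenSSH-style `sshd_config` with a `Ciphers` directive (the thread names no implementation); the sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed sample sshd_config fragment, not taken from any real host.
SAMPLE_CONFIG = """\
Port 22
# Ciphers 3des-cbc
ciphers aes128-ctr,aes128-cbc,3des-cbc,aes256-ctr,rijndael-cbc@lysator.liu.se
Ciphers aes256-cbc
"""


def is_cbc(name):
    """SSH cipher names end in the mode; private names add '@domain' after it."""
    return name.split("@", 1)[0].lower().endswith("-cbc")


def audit_ciphers(config_text):
    """Split the effective Ciphers list into (cbc, kept).

    Returns None when no Ciphers line is set (the build's defaults apply).
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() != "ciphers" or len(parts) < 2:
            continue
        value = parts[1].strip().strip('"')
        if value.startswith(("+", "-", "^")):
            # Assumption: OpenSSH treats these prefixes as edits to its defaults.
            raise ValueError("list is relative to defaults; audit `sshd -T` output")
        names = [n.strip() for n in value.split(",") if n.strip()]
        cbc = [n for n in names if is_cbc(n)]
        kept = [n for n in names if not is_cbc(n)]
        return cbc, kept  # the first occurrence of a keyword wins in sshd_config
    return None


def hardened_line(config_text):
    """Build a replacement Ciphers line with every CBC entry dropped."""
    result = audit_ciphers(config_text)
    if result is None or not result[1]:
        return None
    return "Ciphers " + ",".join(result[1])


if __name__ == "__main__":
    print(audit_ciphers(SAMPLE_CONFIG))
    print(hardened_line(SAMPLE_CONFIG))
```
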