Hi,
From what I can tell from our data, the most common symmetric ciphers in
SSH are proposed by client/servers to be used in CBC mode. With SSL/TLS
and XMLEnc, this mode has had quite some publicity in the recent past.
I was wondering to which degree the attacks that were possible on SSL
with
Ralph Holz h...@net.in.tum.de writes:
From what I can tell from our data, the most common symmetric ciphers in SSH
are proposed by client/servers to be used in CBC mode. With SSL/TLS and
XMLEnc, this mode has had quite some publicity in the recent past.
There have been attacks on SSH based on
On Mon, Feb 11, 2013 at 4:45 PM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
There have been attacks on SSH based on the fact that portions of the packets
aren't authenticated, and as soon as the TLS folks stop bikeshedding and adopt
encrypt-then-MAC I'm going to propose the same thing for
Nico Williams n...@cryptonector.com writes:
On Mon, Feb 11, 2013 at 4:45 PM, Peter Gutmann pgut...@cs.auckland.ac.nz
wrote:
There have been attacks on SSH based on the fact that portions of the packets
aren't authenticated, and as soon as the TLS folks stop bikeshedding and
adopt
On Mon, Feb 11, 2013 at 5:45 PM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Ralph Holz h...@net.in.tum.de writes:
From what I can tell from our data, the most common symmetric ciphers in SSH
are proposed by client/servers to be used in CBC mode. With SSL/TLS and
XMLEnc, this mode has had
On Mon, Feb 11, 2013 at 4:57 PM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Nico Williams n...@cryptonector.com writes:
On Mon, Feb 11, 2013 at 4:45 PM, Peter Gutmann pgut...@cs.auckland.ac.nz
wrote:
There have been attacks on SSH based on the fact that portions of the
packets
aren't
Jeffrey Walton noloa...@gmail.com writes:
I know it's nothing new here. I'm just befuddled why standardized protocols
written in stone by bright folks (IETF, IEEE, et al) continue to suffer
defects that I don't make/endure (because I listen to cryptographers like
you).
Well, I'm not really a
Nico Williams n...@cryptonector.com writes:
I'd go further: this could be the start of the end of the cipher suite
cartesian product nonsense in TLS. Just negotiate {cipher, mode} and key
exchange separately, or possibly cipher, mode, and key exchange, in just the
same way as you propose
On Mon, Feb 11, 2013 at 6:04 PM, Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Nico Williams n...@cryptonector.com writes:
I'd go further: this could be the start of the end of the cipher suite
cartesian product nonsense in TLS. Just negotiate {cipher, mode} and key
exchange separately, or
On 02/12/2013 12:04 AM, Peter Gutmann wrote:
The problem with the cipher-suite explosion is that people want to throw in
vast numbers of pointless vanity suites and algorithms that no-one will ever
use
On balance I think the ciphersuite approach is slightly better
at being a slight counter
On Mon, Feb 11, 2013 at 6:23 PM, Stephen Farrell
stephen.farr...@cs.tcd.ie wrote:
On 02/12/2013 12:04 AM, Peter Gutmann wrote:
The problem with the cipher-suite explosion is that people want to throw in
vast numbers of pointless vanity suites and algorithms that no-one will ever
use
On
On 02/12/2013 12:42 AM, Nico Williams wrote:
On Mon, Feb 11, 2013 at 6:23 PM, Stephen Farrell
stephen.farr...@cs.tcd.ie wrote:
On 02/12/2013 12:04 AM, Peter Gutmann wrote:
The problem with the cipher-suite explosion is that people want to throw in
vast numbers of pointless vanity suites and
On Mon, Feb 11, 2013 at 7:00 PM, Stephen Farrell
stephen.farr...@cs.tcd.ie wrote:
On 02/12/2013 12:42 AM, Nico Williams wrote:
On Mon, Feb 11, 2013 at 6:23 PM, Stephen Farrell
stephen.farr...@cs.tcd.ie wrote:
But I suspect that that was not the rationale way, way back when, back
when
On Mon, Feb 11, 2013 at 8:49 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote:
[Full-disclosure: I am not a Bit9 customer; I just get their
spam^H^H^H^H, er, informative product emails, thanks to a colleague
who signed me up for their mailing list.]
...
There were two code signing certificate
On Mon, Feb 11, 2013 at 6:20 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
snip
... I don't understand the resistance either, in the case
of TLS it's such a trivial change (in my case it was two lines of code
added
and two lines swapped, alongside hundreds of lines of ad-hockery