More info in my AES128-CBC question
Nicolas Williams
Nicolas.Williams at sun.com
Fri Apr 27 17:30:21 EDT 2007
On Fri, Apr 27, 2007 at 05:13:44PM -0400, Leichter, Jerry wrote:
> What the RFC seems to be suggesting is that the first block of every
> message be SSH_MSG_IGNORE. Since the first block in any message is now
> fixed, there's no way for the attacker to choose it. Since the attacker
SSH_MSG_IGNORE messages carry [random] data.
Effectively what the RFC is calling for is a confounder.
Nico
--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
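The point made above, that a random SSH_MSG_IGNORE block in front of each packet acts as a confounder, can be illustrated with a small simulation. This is an added example, not code from the post or from the RFC: a toy Feistel cipher (built from HMAC-SHA256 so that it runs without third-party libraries) stands in for AES-128, the channel chains IVs the way SSH CBC mode did (the IV of a packet is the last ciphertext block of the previous one), and all class and function names are mine. The check shows that without the confounder the sender of a chosen first block fully determines the block cipher input, while with a random first block that input is no longer under their control.

```python
import hashlib
import hmac
import os

BLOCK = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyBlockCipher:
    """Stand-in for AES-128: a 4-round Feistel network over 16-byte blocks with
    an HMAC-SHA256 round function. It is a keyed permutation, which is all the
    example needs; it is not a real cipher."""

    def __init__(self, key: bytes):
        self.round_keys = [
            hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(4)
        ]

    def encrypt_block(self, block: bytes) -> bytes:
        assert len(block) == BLOCK
        left, right = block[:8], block[8:]
        for rk in self.round_keys:
            f = hmac.new(rk, right, hashlib.sha256).digest()[:8]
            left, right = right, xor(left, f)
        return left + right


def cbc_encrypt(cipher: ToyBlockCipher, iv: bytes, plaintext: bytes) -> list:
    """Plain CBC encryption; returns the list of ciphertext blocks."""
    assert len(plaintext) % BLOCK == 0
    blocks = []
    prev = iv
    for i in range(0, len(plaintext), BLOCK):
        c = cipher.encrypt_block(xor(plaintext[i:i + BLOCK], prev))
        blocks.append(c)
        prev = c
    return blocks


class ChainedCbcChannel:
    """SSH-style CBC with chained IVs: each packet's IV is the last ciphertext
    block of the previous packet, which is visible on the wire."""

    def __init__(self, key: bytes, first_iv: bytes, use_confounder: bool):
        self.cipher = ToyBlockCipher(key)
        self.chain = first_iv
        self.use_confounder = use_confounder

    def send(self, payload: bytes) -> list:
        if self.use_confounder:
            # Stands in for the random-filled SSH_MSG_IGNORE block the RFC
            # puts in front of every packet.
            payload = os.urandom(BLOCK) + payload
        blocks = cbc_encrypt(self.cipher, self.chain, payload)
        self.chain = blocks[-1]
        return blocks


def sender_controls_cipher_input(use_confounder: bool, trials: int = 20) -> bool:
    """True if, in every trial, the block cipher was fed exactly the value the
    sender of the chosen block aimed for. The key is used here only to inspect
    what the cipher actually processed; a real observer would not have it."""
    key = os.urandom(16)
    chan = ChainedCbcChannel(key, os.urandom(16), use_confounder)
    chan.send(os.urandom(32))  # some earlier, constructed traffic
    for _ in range(trials):
        target = os.urandom(BLOCK)
        observed = chan.chain          # last ciphertext block seen on the wire
        chosen = xor(target, observed)  # chosen so that chosen XOR IV == target
        blocks = chan.send(chosen + b"\x00" * BLOCK)
        idx = 1 if use_confounder else 0  # the chosen block's position
        if blocks[idx] != chan.cipher.encrypt_block(target):
            return False
    return True


if __name__ == "__main__":
    print("no confounder, input controlled:", sender_controls_cipher_input(False))
    print("with confounder, input controlled:", sender_controls_cipher_input(True))
```

Without the confounder the first ciphertext block is always `E(target)`, because the chaining value was public before the block was chosen. With the confounder the chosen block is XORed with the ciphertext of a fresh random block instead, so the cipher input matches the intended value only with probability 2^-128; the chained IV is still public, but it no longer feeds the first block anyone other than the sender's own random generator chose.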