More info in my AES128-CBC question

Thor Lancelot Simon tls at rek.tjls.com
Wed May 9 15:35:44 EDT 2007


On Wed, May 09, 2007 at 01:13:36AM -0500, Travis H. wrote:
> On Fri, Apr 27, 2007 at 05:13:44PM -0400, Leichter, Jerry wrote:
> > Frankly, for SSH this isn't a very plausible attack, since it's not
> > clear how you could force chosen plaintext into an SSH session between
> > messages.  A later paper suggested that SSL is more vulnerable:
> > A browser plugin can insert data into an SSL protected session, so
> > might be able to cause information to leak.
> 
> Hmm, what about IPSec?  Aren't most of the cipher suites used there
> CBC mode?

ESP does not chain blocks across packets.  One could produce an ESP
implementation that did so, but there is really no good reason for
that, and as has been widely discussed, an implementation SHOULD use
a PRNG to generate the IV for each packet.

Thor
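
To make the distinction Thor draws concrete, here is an added example (not from the original thread or from any ESP implementation) in Go, using only the standard library. `ChainedCBC` deliberately reproduces the construction under discussion, where the last ciphertext block of one packet becomes the IV of the next, so the next IV is visible on the wire before the next plaintext is chosen. `PerPacketCBC` is the ESP-style alternative: a fresh IV from `crypto/rand` for every packet, carried in the packet so the receiver keeps no chaining state. `IVChainedFromPrevious` is the kind of check a reviewer can run over two consecutive captured packets to tell the two apart. The key, seed IV and packet contents are constructed sample values; padding and authentication are out of scope here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Packet is one encrypted payload: the IV the sender actually used plus the
// CBC ciphertext of a block-aligned plaintext.
type Packet struct {
	IV         []byte
	Ciphertext []byte
}

func checkAligned(b []byte) error {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return errors.New("data must be a non-empty multiple of the block size")
	}
	return nil
}

// ChainedCBC reuses the last ciphertext block of packet N as the IV of
// packet N+1. This is the contrast case, not what ESP does: anyone watching
// the wire knows the next IV before the next plaintext exists.
type ChainedCBC struct {
	block  cipher.Block
	nextIV []byte
}

func NewChainedCBC(key, firstIV []byte) (*ChainedCBC, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(firstIV) != aes.BlockSize {
		return nil, errors.New("first IV must be exactly one block")
	}
	return &ChainedCBC{block: b, nextIV: append([]byte(nil), firstIV...)}, nil
}

func (c *ChainedCBC) Encrypt(plain []byte) (Packet, error) {
	if err := checkAligned(plain); err != nil {
		return Packet{}, err
	}
	iv := c.nextIV
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(c.block, iv).CryptBlocks(ct, plain)
	// The chaining step: the next packet's IV is this packet's last block.
	c.nextIV = append([]byte(nil), ct[len(ct)-aes.BlockSize:]...)
	return Packet{IV: iv, Ciphertext: ct}, nil
}

// PerPacketCBC is the ESP-style construction: an IV from a CSPRNG for every
// packet, sent with the packet, unpredictable until the packet is emitted.
type PerPacketCBC struct {
	block cipher.Block
	rng   io.Reader
}

// NewPerPacketCBC falls back to crypto/rand when rng is nil.
func NewPerPacketCBC(key []byte, rng io.Reader) (*PerPacketCBC, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if rng == nil {
		rng = rand.Reader
	}
	return &PerPacketCBC{block: b, rng: rng}, nil
}

func (p *PerPacketCBC) Encrypt(plain []byte) (Packet, error) {
	if err := checkAligned(plain); err != nil {
		return Packet{}, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(p.rng, iv); err != nil {
		return Packet{}, err
	}
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(p.block, iv).CryptBlocks(ct, plain)
	return Packet{IV: iv, Ciphertext: ct}, nil
}

func (p *PerPacketCBC) Decrypt(pkt Packet) ([]byte, error) {
	if len(pkt.IV) != aes.BlockSize {
		return nil, errors.New("malformed IV")
	}
	if err := checkAligned(pkt.Ciphertext); err != nil {
		return nil, err
	}
	pt := make([]byte, len(pkt.Ciphertext))
	cipher.NewCBCDecrypter(p.block, pkt.IV).CryptBlocks(pt, pkt.Ciphertext)
	return pt, nil
}

// IVChainedFromPrevious reports whether cur's IV is simply prev's last
// ciphertext block. With a 16-byte random IV a correct implementation trips
// this with probability 2^-128 per packet pair, i.e. never in practice.
func IVChainedFromPrevious(prev, cur Packet) bool {
	n := len(prev.Ciphertext)
	if n < aes.BlockSize || len(cur.IV) != aes.BlockSize {
		return false
	}
	return bytes.Equal(prev.Ciphertext[n-aes.BlockSize:], cur.IV)
}

func main() {
	// Constructed sample key, seed IV and packets; not values to reuse.
	key := []byte("0123456789abcdef")
	firstIV := []byte("fedcba9876543210")
	pkts := [][]byte{bytes.Repeat([]byte("A"), 32), bytes.Repeat([]byte("B"), 16)}

	chained, _ := NewChainedCBC(key, firstIV)
	c1, _ := chained.Encrypt(pkts[0])
	c2, _ := chained.Encrypt(pkts[1])
	fmt.Println("chained IVs:   next IV predictable =", IVChainedFromPrevious(c1, c2))

	esp, _ := NewPerPacketCBC(key, nil)
	e1, _ := esp.Encrypt(pkts[0])
	e2, _ := esp.Encrypt(pkts[1])
	fmt.Println("per-packet IV: next IV predictable =", IVChainedFromPrevious(e1, e2))
}
```

The check is deliberately simple: it only catches the literal "last block as next IV" scheme. An implementation that derives the IV from a counter or any other value an observer can compute would pass it while still being predictable, so the real review question is whether the IV comes from a CSPRNG after the previous packet has already left the host.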

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


