Re: AEAD in ssh

denis bider <ietf-ssh3@denisbider.com> Fri, 26 February 2016 05:47 UTC

Date: Thu, 25 Feb 2016 20:05:55 +0000
Subject: Re: AEAD in ssh
Message-ID: <1266469733-2760@skroderider.denisbider.com>
From: denis bider <ietf-ssh3@denisbider.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: Niels Möller <nisse@lysator.liu.se>, Bryan Ford <brynosaurus@gmail.com>, "Mark D. Baushke" <mdb@juniper.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Watson Ladd <watsonbladd@gmail.com>, Daniel Migault <daniel.migault@ericsson.com>, Curdle Chairs <curdle-chairs@ietf.org>, ietf-ssh@NetBSD.org
Sender: ietf-ssh-owner@NetBSD.org
List-Id: ietf-ssh.NetBSD.org

> You'd need to point to actual analysis (of the kind done in Peek-a-boo) to show that it works.

If I restrict myself to sending the same amount of data, at regular intervals, independent of my packet queue; if I pick up packets from my queue if there are any, and send IGNORE messages otherwise; then this prevents keystroke analysis if done in 10 second bursts; and if I keep it up, it masks everything done on the connection.

A paper is not useful to show that this works. It evidently works. Yet, we cannot prove a negative. There are possible ways to get it wrong in practice.

If you can think of an attack, a paper can show if that particular attack is viable. But if you can't think of an attack, you can't write a paper to prove there isn't one.


> twenty years ago Tatu decided it was a good idea to use CRC32
> as an ICV, RC4 as a cipher, and encrypted lengths

By the same logic, Tatu also used C. Maybe we shouldn't use C because Tatu used that.


> So maybe we could do a profile for a special allegedly
> traffic-analysis resistant SSH, let's call it
> Data-oriented SSH or DoSSH,

You crack this joke, just after I pointed out that this costs 1 Mbps or less, whereas Netflix uses 3 - 5 Mbps. This is when Google Fiber is rolling out in the US, and we can expect 1 Gbps speeds to be normal in 15 years (if backward-thinking people don't stop it).

You appear to be engaging in deliberate misunderstandings.

There's a repeated claim being made that there's an ongoing controversy about this topic. I'm now beginning to think that this would not be as much the case if we eliminated low-quality arguments.
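The constant-rate scheme described at the top of this message (send a fixed-size packet every tick, drawing from the queue when it is non-empty and emitting SSH_MSG_IGNORE otherwise) can be simulated to show what a passive observer actually sees. The following is an added example, not code from the thread or from any SSH implementation: it models packets abstractly as a type byte, a 2-byte length and padding to a fixed slot size, and the tick interval, slot size and keystroke schedule are constructed parameters. Only the message numbers 2 (SSH_MSG_IGNORE, RFC 4253) and 94 (SSH_MSG_CHANNEL_DATA, RFC 4254) are taken from the SSH specifications.

```python
"""Simulation of constant-rate sending with SSH_MSG_IGNORE cover traffic.

An on-path observer of an encrypted SSH connection learns only packet
timing and length. If every tick carries exactly one slot-sized packet,
the observable trace is the same whether the user typed or was idle.
"""
from collections import deque

SSH_MSG_IGNORE = 2          # RFC 4253 message number
SSH_MSG_CHANNEL_DATA = 94   # RFC 4254 message number
SLOT_BYTES = 256            # constructed: fixed on-the-wire size per tick
HEADER_BYTES = 3            # 1 type byte + 2-byte body length (constructed format)


class ConstantRateSender:
    """Emits exactly one SLOT_BYTES packet per tick, regardless of demand."""

    def __init__(self, slot_bytes=SLOT_BYTES):
        if slot_bytes <= HEADER_BYTES:
            raise ValueError("slot too small to carry any payload")
        self.slot_bytes = slot_bytes
        self.capacity = slot_bytes - HEADER_BYTES
        self.queue = deque()
        self.wire = []      # what the observer sees: (tick, packet length)

    def enqueue(self, payload: bytes) -> None:
        # Fragment payloads that do not fit in one slot; each chunk is a queued packet.
        for i in range(0, len(payload), self.capacity):
            self.queue.append(payload[i:i + self.capacity])

    def tick(self, t: int):
        """Send one packet at tick t: real data if queued, cover traffic otherwise."""
        if self.queue:
            msg_type, body = SSH_MSG_CHANNEL_DATA, self.queue.popleft()
        else:
            msg_type, body = SSH_MSG_IGNORE, b""
        padding = b"\x00" * (self.capacity - len(body))
        packet = bytes([msg_type]) + len(body).to_bytes(2, "big") + body + padding
        assert len(packet) == self.slot_bytes
        self.wire.append((t, len(packet)))
        return msg_type, packet


def decode_body(packet: bytes) -> bytes:
    """Recover the real payload from a slot packet (strips padding)."""
    length = int.from_bytes(packet[1:3], "big")
    return packet[HEADER_BYTES:HEADER_BYTES + length]


def simulate(keystroke_ticks, total_ticks, slot_bytes=SLOT_BYTES):
    """Type one byte at each listed tick; return (observable trace, delivered payloads)."""
    sender = ConstantRateSender(slot_bytes)
    delivered = []
    pending = set(keystroke_ticks)
    for t in range(total_ticks):
        if t in pending:
            sender.enqueue(b"k")         # constructed: a single keystroke
        msg_type, packet = sender.tick(t)
        if msg_type == SSH_MSG_CHANNEL_DATA:
            delivered.append(decode_body(packet))
    return sender.wire, delivered


def bandwidth_bps(slot_bytes: int, interval_s: float) -> float:
    """Constant cost of the cover traffic in bits per second."""
    return slot_bytes * 8 / interval_s


if __name__ == "__main__":
    typed, got_typed = simulate([0, 1, 5, 7, 20], 30)
    idle, got_idle = simulate([], 30)
    print("traces identical:", typed == idle)          # True
    print("keystrokes delivered:", len(got_typed), len(got_idle))
    print("cost at 10 ms ticks:", bandwidth_bps(SLOT_BYTES, 0.01), "bps")
```

The trace comparison is the whole point: the burst at ticks 0, 1, 5, 7 and 20 leaves no mark in the observable sequence, while every keystroke still arrives in order. The `bandwidth_bps` helper makes the cost side of the argument concrete: a 256-byte slot every 10 ms is about 205 kbps, paid continuously whether or not anyone is typing.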