Re: Question about Internet Draft Proposal in SSH Transport Protocol
From: Darren Tucker (dtucker@dodgy.net.au)
Date: 12/01/02
From: dtucker@dodgy.net.au (Darren Tucker) Date: Sun, 01 Dec 2002 00:33:00 GMT
In article <fd216888.0211301451.6fd310cf@posting.google.com>,
Robert Schultz <sembiance@hotmail.com> wrote:
>In the SSH Transport Layer Protocol draft found here:
>http://ietf.org/html.charters/secsh-charter.html
[snip]
>" Note that length of the concatenation of packet length, padding
> length, payload, and padding MUST be a multiple of the cipher block
> size or 8, whichever is larger. This constraint MUST be enforced
> even when using stream ciphers. Note that the packet length field
> is also encrypted, and processing it requires special care when
> sending or receiving packets."
>
>Uhm... what exactly does this mean?
>'concatenation of' ?
The sum total of the size in memory of all of those things.
>How exactly am I supposed to 'concatenate' them?
Take all of them and put them one after another into a single piece of
memory. Count the number of bytes of memory they take and that's the
"length of the concatenation".
>And a multiple of the "cipher block size" ?
Block ciphers encrypt or decrypt one block at a time. The size of that
block can vary with different ciphers. (For example, DES has a block
size of 8 bytes). If your cipher has a block size of 8 then your total
packet must be a multiple of 8 bytes in length.
>They don't even mention 'cipher' in any other SSH draft anywhere.
http://ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt
The following ciphers are currently defined:
[snip]
3des-cbc         REQUIRED          three-key 3DES in CBC mode
blowfish-cbc     RECOMMENDED       Blowfish in CBC mode
twofish256-cbc   OPTIONAL          Twofish in CBC mode,
                                   with 256-bit key
[snip]
The "3des-cbc" cipher is three-key triple-DES (encrypt-decrypt-
encrypt), where the first 8 bytes of the key are used for the first
encryption, the next 8 bytes for the decryption, and the following 8
bytes for the final encryption. This requires 24 bytes of key data
(of which 168 bits are actually used). To implement CBC mode, outer
chaining MUST be used (i.e., there is only one initialization
vector). This is a block cipher with 8 byte blocks. This algorithm
is defined in [SCHNEIER]
[snip]
>What the heck are they talking about here?
>How should I determine the amount of padding when sending my packets?
What are you trying to do?
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
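
The padding rule quoted from the draft, worked through as an added example that is not part of the original post or of any SSH implementation. It assumes the draft's packet layout (4-byte packet length, 1-byte padding length, payload, random padding) and its minimum of four padding bytes; the function names are hypothetical, and the packet is shown as plaintext, before encryption and the MAC.

```python
import os
import struct

MIN_PADDING = 4  # the transport draft requires at least four bytes of padding


def padding_length(payload_len: int, cipher_block_size: int) -> int:
    """Padding needed so the whole packet is a multiple of max(block size, 8)."""
    align = max(8, cipher_block_size)   # stream ciphers still align to 8
    unpadded = 4 + 1 + payload_len      # packet_length + padding_length + payload
    pad = align - (unpadded % align)
    if pad < MIN_PADDING:               # too short: add one more full block
        pad += align
    return pad


def build_packet(payload: bytes, cipher_block_size: int) -> bytes:
    """Concatenate the four fields in wire order (plaintext form)."""
    pad = padding_length(len(payload), cipher_block_size)
    packet_length = 1 + len(payload) + pad   # does not count its own 4 bytes
    return struct.pack(">IB", packet_length, pad) + payload + os.urandom(pad)


def parse_packet(packet: bytes, cipher_block_size: int) -> bytes:
    """Receiver-side checks on a decrypted packet; returns the payload."""
    align = max(8, cipher_block_size)
    # Smallest valid packet: 5 header bytes + 4 padding, rounded up to 16.
    if len(packet) < 16 or len(packet) % align:
        raise ValueError("length is not a multiple of the block size")
    packet_length, pad = struct.unpack(">IB", packet[:5])
    if packet_length != len(packet) - 4:
        raise ValueError("packet_length does not match the data received")
    if pad < MIN_PADDING or pad > packet_length - 1:
        raise ValueError("invalid padding_length")
    return packet[5:5 + packet_length - 1 - pad]


if __name__ == "__main__":
    # Constructed sample payloads; block size 8 = 3des-cbc, 0 = stream cipher.
    for block, payload in [(8, b""), (8, b"hello"), (16, b"x" * 11), (0, b"abc")]:
        pkt = build_packet(payload, block)
        print(block, len(payload), "->", len(pkt), "bytes, padding", pkt[4])
```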