Re: ARCFOUR and initialization vectors
- From: Simon Tatham <anakin@xxxxxxxxx>
- Date: 23 Apr 2007 12:13:03 +0100 (BST)
K. Jennings <kjennings@xxxxxxxxxxxxxx> wrote:
How is the initialization vector contemplated in the SSH protocol
(both versions) used when the bulk encryption algorithm selected is
ARCFOUR? I thought that IVs do not apply to this streaming algorithm.
Ben Harris <bjh21@xxxxxxxxxxx> wrote:
I don't know about SSH-1, but in SSH-2 [...]
SSH-1 doesn't have a built-in concept of IVs at all; it just has a
single binary blob used as a session key. If an IV were desired then
part of that blob could be used as one and the rest used as the
cipher key, but in fact this doesn't generally happen: SSH-1 ciphers
which do require an IV (DES, 3DES, IDEA, Blowfish) set the IV
unconditionally to all-zeroes. So there's no question to answer for
Arcfour; the session key blob is simply divided down the middle and
the two halves are used as server->client and client->server keys,
and there is no IV data that needs ignoring.
Simon Tatham "loop, infinite _see_ infinite loop"
<anakin@xxxxxxxxx> - Index, Borland Pascal Language Guide