[ On Tuesday, March 12, 2002 at 09:21:31 (+0000), David Laight wrote: ]
> Subject: Re: FreSSH
>
> One problem with encrypting everything is that it becomes trivial
> to perform a 'chosen plaintext' attack.  Unless you are very
> careful about the algorithm used this could make life easy.

This is true, but there are mitigating factors, at least in SSH.  Indeed
that's one of the reasons you want to use encryption all of the time in
SSH.  The data channel encryption algorithms have been very carefully
designed with these threats in mind.  For one, if I'm not mistaken, the
SSH session key is renegotiated frequently (and of course it is
generated by the best random method available, and then exchanged using
a very secure (but expensive) public key encryption mechanism).  There's
also an option for up to 255 bype of hopefully random padding added to
each packet, though unfortunately I don't believe it can be inserted
randomly (I don't see mention of a padding offset anywhere).

Deciding when you need to use encryption and when not to will also make
it easier for an attacker to know when and what they need to crack.  If
you always use encryption for everything then they've got to do a lot
more work first to find out what it's worth spending their time on.

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>