
briansmith | 2 years ago

> But it took until 2023 for someone to do the legwork to figure out how broken it was.

It took until 2023 for somebody to publicly disclose the problem.

The first fix for it was described in RFC 5647, which was published in August 2009 (the first draft was submitted on June 27, 2008).

hannob | 2 years ago

So how did it happen that GCM modes for SSH contained a fix, but ChaCha20-Poly1305 did not?

briansmith | 2 years ago

I think that's a really good question. The way this worked out is worth studying in detail. What was the process with which the AES-GCM cipher suites for SSH were developed? What was the process with which the ChaCha20-Poly1305 cipher suites were developed? How did the difference in processes lead to the difference in results? Will anybody change their process based on these results?