3des cipher and DH group size
Damien Miller
djm at mindrot.org
Sat Feb 15 10:39:39 EST 2014
On Fri, 14 Feb 2014, Hubert Kario wrote:
> Suite B for secret (effectively 128 bit security) communication
> allows use of AES only in GCM or CTR mode. RFC 6239
> specifies that SSH in Suite B must use AES in GCM mode.
> IV of AES 128 in GCM mode as used in SSH is 12 octets (96 bits).
>
> How do you explain this disparity?
Since you seem disinclined to go and read about AES-GCM for yourself,
I'll point out that the remaining 32 bits are an implicit block counter.
See https://tools.ietf.org/html/rfc5647 section 7.1
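
The layout referred to above, as an added example that is not part of the original message and is not OpenSSH code: the 12-octet IV (4-octet fixed field plus 8-octet invocation counter, field names as in RFC 5647 section 7.1) is followed by a 4-octet block counter to form the 16-octet block that AES encrypts. The function names and the sample IV are constructed for illustration; the detail that block counter 1 is reserved for the tag and data starts at 2 comes from NIST SP 800-38D, not from this thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample IV: 4-octet fixed field + 8-octet invocation counter. */
static const uint8_t sample_iv[12] = {
    0xde, 0xad, 0xbe, 0xef,                         /* fixed */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff  /* invocation_counter */
};

/* 16-octet AES input: IV (12 octets) || block_counter (4 octets, big-endian). */
void gcm_counter_block(const uint8_t iv[12], uint32_t block_counter, uint8_t out[16])
{
    memcpy(out, iv, 12);
    out[12] = (uint8_t)(block_counter >> 24);
    out[13] = (uint8_t)(block_counter >> 16);
    out[14] = (uint8_t)(block_counter >> 8);
    out[15] = (uint8_t)block_counter;
}

/* Next packet: only the 64-bit invocation counter (octets 4..11) is incremented. */
void gcm_next_packet_iv(uint8_t iv[12])
{
    for (int i = 11; i >= 4; i--)
        if (++iv[i] != 0)
            break;
}

/* Keystream blocks consumed by a packet payload of len octets. */
uint64_t gcm_blocks_needed(uint64_t len) { return (len + 15) / 16; }

/* Counter value 1 masks the tag, so data uses 2 .. 2^32-1: (2^32 - 2) blocks. */
uint64_t gcm_max_plaintext_octets(void) { return (UINT64_C(0xffffffff) - 1) * 16; }

int main(void)
{
    uint8_t iv[12], blk[16];
    memcpy(iv, sample_iv, 12);
    for (int packet = 0; packet < 2; packet++) {
        for (uint32_t ctr = 1; ctr <= 3; ctr++) {
            gcm_counter_block(iv, ctr, blk);
            for (int i = 0; i < 16; i++)
                printf("%02x%s", blk[i], (i == 3 || i == 11) ? " " : "");
            printf("  packet=%d block_counter=%u\n", packet, (unsigned)ctr);
        }
        gcm_next_packet_iv(iv);  /* block counter restarts at 1 for the new IV */
    }
    printf("max octets per invocation: %llu\n", (unsigned long long)gcm_max_plaintext_octets());
    return 0;
}
```

The 96-bit IV and the 32-bit counter together fill one 128-bit AES block, and the counter width caps a single invocation at 2^36 - 32 octets of plaintext.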