On Fri, 14 Feb 2014, Hubert Kario wrote: > Suite B for secret (effectively 128 bit security) communication > allows use of AES only in GCM or CTR mode. RFC 6239 > specifies that SSH in Suite B must use AES in GCM mode. > IV of AES 128 in GCM mode as used in SSH is 12 octets (96bit). > > How do you explain this disparity? Since you seem disinclined to go and read about AES-GCM for yourself, I'll point out that the remaining 32 bits are an implicit block counter. See https://tools.ietf.org/html/rfc5647 section 7.1 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
