Breaking and Provably Repairing the SSH Authenticated Encryption Scheme: A Case Study of the Encode-then-Encrypt-and-MAC Paradigm (2004)

by M Bellare, T Kohno, C Namprempre
Venue:ACM Transactions on Information and System Security