>Z number of people will use stream cyphers when they really should be
>using ssh, because there are active attackers on the network and the
>data is security-critical.  This despite that the documentation will
>still recommend using SSH as a first choice.

The attacks on synchronous stream ciphers (not to be confused with
self-synchronizing stream ciphers, which are a different sort of animal) are of
the sort where Mallory flips a bit, not knowing what the plaintext is, but
knowing that the bit is in a certain field of a record. This can be foiled by
using a nonlinear checksum or hash function to verify the integrity of the data.

phma
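
The bit flip described in the message above, and an integrity check catching it, as an added example that is not part of the original post. The toy SHA-256 counter keystream, the keys, nonce and record layout are all constructed for illustration, and HMAC-SHA256 over the ciphertext is this example's choice of keyed hash.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy synchronous keystream (illustration only): SHA-256 in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream, independent of the data."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC-SHA256 tag over nonce and ciphertext."""
    ct = xor_stream(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return xor_stream(enc_key, nonce, ct)

def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Model of in-transit tampering: flip one bit at a known field offset."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)

# Constructed sample values (not from the original post).
ENC_KEY, MAC_KEY, NONCE = b"E" * 32, b"M" * 32, b"N" * 12
RECORD = b"acct=1001;amount=0100;"   # byte 17 is the first digit of the amount
AMOUNT_OFFSET = 17

def demo():
    # Without a check, the flipped ciphertext bit flips the same plaintext bit.
    bare = xor_stream(ENC_KEY, NONCE, RECORD)
    altered = xor_stream(ENC_KEY, NONCE, flip_bit(bare, AMOUNT_OFFSET, 0))
    # With the keyed tag, the same modification is rejected before decryption.
    sealed = seal(ENC_KEY, MAC_KEY, NONCE, RECORD)
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, flip_bit(sealed, AMOUNT_OFFSET, 0))
        detected = False
    except ValueError:
        detected = True
    return altered, detected
```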
