From owner-cvs-all  Mon Feb 12  2:51:36 2001
Delivered-To: cvs-all@freebsd.org
Received: from webcom.it (brian.inet.it [213.92.4.195])
	by hub.freebsd.org (Postfix) with SMTP id 48B7C37B401
	for <cvs-all@FreeBSD.org>; Mon, 12 Feb 2001 02:51:25 -0800 (PST)
Received: (qmail 2945 invoked by uid 1000); 12 Feb 2001 10:45:07 -0000
Date: Mon, 12 Feb 2001 11:45:06 +0100
From: Andrea Campi <andrea@webcom.it>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c
Message-ID: <20010212114505.B631@webcom.it>
References: <200102120644.f1C6iqj18540@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200102120644.f1C6iqj18540@freefall.freebsd.org>; from kris@FreeBSD.org on Sun, Feb 11, 2001 at 10:44:52PM -0800
X-Echelon: BND CIA NSA Mossad KGB MI6 IRA detonator nuclear assault strike
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>   Modified files:
>     crypto/openssh       rsa.c rsa.h ssh-agent.c sshconnect1.c 
>                          sshd.c 
>   Log:
>   Patches backported from later development version of OpenSSH which prevent
>   (instead of just mitigating through connection limits) the Bleichenbacher
>   attack which can lead to guessing of the server key (not host key) by
>   regenerating it when an RSA failure is detected.

Haven't actually tested this given -CURRENT breakage so I might say something
stupid but...

What happens if an attacker is able to trigger regeneration tens or hundreds of
times per second? I think there is opportunity for a DOS if this isn't done
properly!

Bye,
	Andrea

-- 
         The computer revolution is over. The computers won.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message