From owner-freebsd-security Sat Jan 1 10:50:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hellohost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id EBEA91507B
	for ; Sat, 1 Jan 2000 10:50:07 -0800 (PST)
	(envelope-from green@FreeBSD.org)
Date: Sat, 1 Jan 2000 13:49:22 -0500 (EST)
From: Brian Fundakowski Feldman
X-Sender: green@green.dyndns.org
To: security@FreeBSD.org
Subject: OpenSSH protocol 1.6 proposal
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've been thinking what the best way to make OpenSSH more secure would
be, and now it seems to be a change in the protocol. What change? Well,
SSH version 1.5 and below (all versions so far) have been vulnerable to
attacks based upon properties of the highly insecure CRC32 hash used.

In my version 1.6, whose clients and servers are completely
backward-compatible, the insecure CRC method is replaced with a SHA-1
cryptographic hash; in addition, even more security is afforded because
the hash is sent per packet using total collective data output from that
side's transmission. This should effectively negate any chances of e.g.
playback attacks, even if the malicious intercepter does manage to fool
the network stack into accepting his packets. Thanks to peter@ and dan@
for the help they gave me for this.

The port-relative patch for this is located at:
  http://www.FreeBSD.org/~green/openssh.SHA-1.patch
  MD5 (public_html/openssh.SHA-1.patch) = e21a896f59474a31ab3b9103acf44c35

Let me know what you all think! I still haven't quite decided, but I
think packets which fail the SHA-1 test should be silently dropped, or
have a counter of them, rather than dropping the connection. Currently,
the connection is dropped and error messages displayed/transmitted. I
welcome input on that and all parts of this proposal :)

P.S.: I realize other people may have proposed something very similar.
Indeed, markus's proposal may be something like this. However, since
it's impossible to work with anyone who is Theo, or "under" Theo, it's
unrealistic to work with that. Hence the reason we need to make a code
fork of OpenSSH as soon as convenient.

-- 
 Brian Fundakowski Feldman            \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                     `------------------------------'
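
Added example (not part of the original message, and not the code of the patch it links to): a simplified Python model of the check described above, comparing a CRC32 computed over each packet alone with a SHA-1 computed over all data sent so far, when the same packet is delivered twice. The packet framing, the class and function names, and the sample payloads are assumptions made for illustration; encryption is left out, and a failed packet is counted and dropped as the message suggests.

```python
import hashlib
import hmac
import zlib

# Simplified model: framing and names are assumptions, encryption is omitted.
class Sender:
    """Appends SHA-1 of every payload byte sent so far (cumulative, not per packet)."""
    def __init__(self):
        self._running = hashlib.sha1()

    def seal(self, payload: bytes) -> bytes:
        self._running.update(payload)
        return payload + self._running.digest()

class Receiver:
    """Checks the cumulative digest; failed packets are counted and dropped."""
    def __init__(self):
        self._running = hashlib.sha1()
        self.dropped = 0

    def accept(self, packet: bytes):
        payload, tag = packet[:-20], packet[-20:]
        candidate = self._running.copy()
        candidate.update(payload)
        if not hmac.compare_digest(candidate.digest(), tag):
            self.dropped += 1          # state untouched, so later packets still verify
            return None
        self._running = candidate      # commit only after the digest matches
        return payload

def crc_seal(payload: bytes) -> bytes:
    """Per-packet check: the CRC32 depends only on this packet's bytes."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def crc_accept(packet: bytes):
    payload, tag = packet[:-4], packet[-4:]
    return payload if zlib.crc32(payload).to_bytes(4, "big") == tag else None

def replay_demo() -> dict:
    first, second = b"ls -l\n", b"exit\n"   # constructed sample payloads
    sender, receiver = Sender(), Receiver()
    p1, p2 = sender.seal(first), sender.seal(second)
    got_first = receiver.accept(p1)
    got_replay = receiver.accept(p1)        # identical bytes delivered a second time
    got_second = receiver.accept(p2)
    c1 = crc_seal(first)
    return {
        "crc32_replay_accepted": crc_accept(c1) == first and crc_accept(c1) == first,
        "sha1_replay_accepted": got_first == first and got_replay is not None,
        "sha1_dropped": receiver.dropped,
        "sha1_next_ok": got_second == second,
    }
```

Calling replay_demo() shows the per-packet CRC32 check passing both deliveries of the same packet, while the cumulative SHA-1 check rejects the second delivery and still accepts the packet that follows it.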