Date:      07 Jan 2000 21:53:09 +0100
From:      Bjoern Groenvall <bg@sics.se>
To:        Dag-Erling Smorgrav <des@flood.ping.uio.no>, Brian Fundakowski Feldman <green@FreeBSD.ORG>
Cc:        Markus Friedl <markus.friedl@informatik.uni-erlangen.de>, security@FreeBSD.ORG
Subject:   Re: OpenSSH protocol 1.6 proposal
Message-ID:  <wuhfgpa9je.fsf@bg.sics.se>
In-Reply-To: Dag-Erling Smorgrav's message of 06 Jan 2000 14:50:39 +0100
References:  <Pine.BSF.4.10.10001011324420.756-100000@green.dyndns.org> <xzpu2krs40g.fsf@flood.ping.uio.no>

Dag-Erling Smorgrav <des@flood.ping.uio.no> writes:

> Brian Fundakowski Feldman <green@FreeBSD.ORG> writes:
> > I've been thinking what the best way to make OpenSSH more secure would be,
> > and now it seems to be a change in the protocol.  What change?  Well,
> > SSH version 1.5 and below (all versions so far) have been vulnerable to
> > attacks based upon properties of the highly insecure CRC32 hash used.
> 
> Which part of "ssh 1.2.25 fixes the problem" did you not understand?

Markus Friedl <markus.friedl@informatik.uni-erlangen.de> writes:
> 1.2.25 et al do not fix the problem, they just make
> attacks a little bit harder.

Also remember that the SSH_3DES scheme resists the attack described by
Futoranski et al. The attack is effective against IDEA_CFB, DES_CBC or
in general any block cipher that uses CBC or CFB. Currently there is
no known attack that is effective when the somewhat weird feedback
mode of SSH_3DES is used.

So if you are looking for a temporary solution to the SSHv1 problem,
disable all ciphers but SSH_3DES. Unlike the attack detector in
1.2.25++, this solution will always resist the Futoranski attack.

This does not imply that the SSH_3DES mode is secure, only that there
currently has been no published method of attack. In the long run we
still need a new packet format.

Cheers,
Björn


-- 
  _     _                                               ,_______________.  
Bjorn Gronvall (Björn Grönvall)                        /_______________/|     
Swedish Institute of Computer Science                  |               ||
PO Box 1263, S-164 29 Kista, Sweden                    | Schroedingers ||
Email: bg@sics.se, Phone +46 -8 633 15 25              |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30       `---------------' 
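As an added illustration (not part of this thread or of OpenSSH), the Python below checks the property of CRC32 that makes it unusable as an integrity check in the SSHv1 packet format, and contrasts it with a keyed MAC: the CRC of a modified packet follows from the original CRC and the modification alone, whereas an HMAC does not. The sample packets and the key are constructed.

```python
import hashlib
import hmac
import os
import zlib

# Constructed sample packets of equal length (not real SSH traffic).
SAMPLE_A = b"constructed-sample-packet-A"
SAMPLE_B = b"constructed-sample-packet-B"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def tag_is_affine_over_xor(tag, a: bytes, b: bytes) -> bool:
    """True if tag(a ^ b) == tag(a) ^ tag(b) ^ tag(0...0) for this pair.

    A CRC satisfies this for every pair of equal-length inputs, so the check
    value of a changed packet is predictable without any secret.  A keyed MAC
    must not satisfy it (except by a 2**-32 chance at 32-bit width).
    """
    zero = bytes(len(a))
    return tag(xor_bytes(a, b)) == tag(a) ^ tag(b) ^ tag(zero)


def crc32_tag(data: bytes) -> int:
    """The 32-bit CRC used as the SSHv1 packet check."""
    return zlib.crc32(data) & 0xFFFFFFFF


def make_hmac_tag(key: bytes):
    """HMAC-SHA1 truncated to 32 bits so it can be XORed like a CRC."""
    def tag(data: bytes) -> int:
        digest = hmac.new(key, data, hashlib.sha1).digest()
        return int.from_bytes(digest[:4], "big")
    return tag


def crc32_always_affine(length: int = 64, trials: int = 200) -> bool:
    """CRC32 is affine for random packet pairs too, not just the samples."""
    return all(tag_is_affine_over_xor(crc32_tag, os.urandom(length),
                                      os.urandom(length))
               for _ in range(trials))


def compare_integrity_checks(key: bytes, a: bytes, b: bytes) -> dict:
    """Which check leaks a usable relation between tags of related packets."""
    return {"crc32": tag_is_affine_over_xor(crc32_tag, a, b),
            "hmac_sha1": tag_is_affine_over_xor(make_hmac_tag(key), a, b)}
```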

