Date: 07 Jan 2000 21:53:09 +0100
From: Bjoern Groenvall <bg@sics.se>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>, Brian Fundakowski Feldman <green@FreeBSD.ORG>
Cc: Markus Friedl <markus.friedl@informatik.uni-erlangen.de>, security@FreeBSD.ORG
Subject: Re: OpenSSH protocol 1.6 proposal
Message-ID: <wuhfgpa9je.fsf@bg.sics.se>
In-Reply-To: Dag-Erling Smorgrav's message of 06 Jan 2000 14:50:39 +0100
References: <Pine.BSF.4.10.10001011324420.756-100000@green.dyndns.org> <xzpu2krs40g.fsf@flood.ping.uio.no>

Dag-Erling Smorgrav <des@flood.ping.uio.no> writes:

> Brian Fundakowski Feldman <green@FreeBSD.ORG> writes:
> > I've been thinking what the best way to make OpenSSH more secure would be,
> > and now it seems to be a change in the protocol. What change? Well,
> > SSH version 1.5 and below (all versions so far) have been vulnerable to
> > attacks based upon properties of the highly insecure CRC32 hash used.
>
> Which part of "ssh 1.2.25 fixes the problem" did you not understand?

Markus Friedl <markus.friedl@informatik.uni-erlangen.de> writes:

> 1.2.25 et al do not fix the problem, they just make
> attacks a little bit harder.

Also remember that the SSH_3DES scheme resists the attack described by
Futoranski et al. The attack is effective against IDEA_CFB, DES_CBC
or in general any block cipher that uses CBC or CFB. Currently there
is no known attack that is effective when the somewhat weird feedback
mode of SSH_3DES is used.

So if you are looking for a temporary solution to the SSHv1 problem,
disable all ciphers but SSH_3DES. Unlike the attack detector in
1.2.25++, this solution will always resist the Futoranski attack.

This does not imply that the SSH_3DES mode is secure, only that there
currently has been no published method of attack. In the long run we
still need a new packet format.

Cheers,
Björn

--
  _     _                                           ,_______________.
Bjorn Gronvall (Björn Grönvall)                    /_______________/|
Swedish Institute of Computer Science              |               ||
PO Box 1263, S-164 29 Kista, Sweden                | Schroedingers ||
Email: bg@sics.se, Phone +46 -8 633 15 25          |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30   `---------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message