> Maybe this was always clear, but along with that reassurance I guess > you would recommend we all take your stated remedial action : > [place] the following directive in sshd_config and ssh_config: > "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc" > at the very next maintenance opportunity, on the grounds that it can't > hurt, and can only help ? It can possibly hurt very much - if ctr mode is subject to a different vulnerablility. There has been much discussion of ctr mode having *possible* issues, although nothing I know of published directly about ssh. On the other hand, we have a national security agency who refuses full disclosure, raising a vulnerability and pointing to a switch to counter mode. Perhaps this is to prevent the low likelyhood but possible attack they have found, or perhaps it is to encourage a hasty switch to counter mode which is "more convenient for national security reasons". I don't honestly know - the only REAL info on the subject I've seen has come from djm. You decide who you trust. personally, I won't be making that change hastily anywhere - Nothing I have is directly threatened by this attack, so I can wait until someone figures out the jist of it and implents an appropriate countermeasure, and I see some legitimate peer review on the topic as opposed to FUD spreading. I frankly trust the OpenSSH developers a lot more than I trust ssh.com or a puppet state "no such agency" acting as worn out lapdog for the sorts of people that implement things like the patriot act. People who will not share information with the developers of the software should always be suspect. They have no reason not to without a hidden agenda. -Bob
