Re: OpenSSH and CBC

On 15.06.2015 16:05, Gerhard Wiesinger wrote:
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
https://packetstormsecurity.com/files/72061/Vulnerability_Advisory_SSH.txt.html
http://isg.rhul.ac.uk/~kp/SandPfinal.pdf

The success probability in recovering 32 plaintext bits is 2^{-18} when attacking the OpenSSH implementation of the SSH RFCs. A variant of the attack against the OpenSSH implementation verifiably recovers 14 plaintext bits with probability 2^{-14}.

Recovering 14 bits: That's basically no better than brute force, so no real attack, isn't it? Recovering 32 bits: That's basically a little bit better than brute force, but I think there is also no real attack vector, isn't it?

Especially in the context of the OpenSSH 5.2 mitigation and different keys in different kinds of connections.

Any opinions on this?

Ciao,
Gerhard

--
http://www.wiesinger.com/

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


