On 15.06.2015 16:05, Gerhard Wiesinger wrote:
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
https://packetstormsecurity.com/files/72061/Vulnerability_Advisory_SSH.txt.html
http://isg.rhul.ac.uk/~kp/SandPfinal.pdf
The success probability in recovering 32 plaintext bits is 2^{-18} when
attacking the OpenSSH implementation of the SSH RFCs. A variant of the
attack against the OpenSSH implementation verifiably recovers 14
plaintext bits with probability 2^{-14}.
Recovering 14 bits: That's basically no better than brute force, so no
real attack, isn't it?
Recovering 32 bits: That's basically a little bit better than brute
force but I think there is also no real attack vector, isn't it?
Especially in the context of OpenSSH 5.2 mitigation and different keys
in different kinds of connections.
Any opinions on this?
Ciao,
Gerhard
--
http://www.wiesinger.com/