Salut, Maurice, On Tue, 1 Jul 2008 16:02:46 -0400, Maurice Volaski wrote: > It turns out it was intentionally presenting me with misinformation. > You see, there was no key file present where it was looking. I > thought it was looking in one place, but it was actually looking in > another. > > Fail quietly, indeed! It's not simply doing this under ordinary > operation, but even in debug operation, even under debug level 3. In > the perfect place where it can tell us quite informatively what's > about to go wrong--there is nothing! > > So in case you're wondering why debugging OpenSSH can be so hard, now > you know. Please bear in mind that in the world of cryptography, the difference between proper error messages and information disclosure vulnerabilities is narrow, or only a nuance. Tonnerre -- SyGroup GmbH Tonnerre Lombard Solutions Systematiques Tel:+41 61 333 80 33 Güterstrasse 86 Fax:+41 61 383 14 67 4053 Basel Web:www.sygroup.ch tonnerre.lombard@xxxxxxxxxx
Attachment:
signature.asc
Description: PGP signature
