svn commit: r192595 - in head: crypto/openssh crypto/openssh/openbsd-compat secure/lib/libssh secure/usr.sbin/sshd

Dag-Erling Smørgrav des at
Sun May 24 10:23:32 UTC 2009

Brian Somers <brian at> writes:
> Should this be MFCd a little sooner?

Where to begin...

1) ZDNet is about six months behind - this was discovered in November of
   last year.

2) They also got the numbers wrong; it's 14 bits at 2^-14 chance of

4) They got a lot of other details wrong, including the claim that this
   is a "design flaw in OpenSSH".  It's a design flaw in the SSH
   protocol, and should affect any SSH implementation that uses CBC.

3) It is completely impractical, because every failed attempt kills the
   connection, and it takes several thousand attempts to recover
   anything at all.  In the "how worried should I be" department, it's
   about neck and neck with MD5 collisions.

4) If it *does* worry you, adding the following line at the bottom of
   /etc/ssh_config and /etc/sshd_config will take care of it:

Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

   On systems where you don't have root access, you can add it to the
   "Host *" section in your ~/.ssh/config:

Host *
  Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

   Your SSH client / server will then use CBC only if there is no other

Dag-Erling Smørgrav - des at

More information about the svn-src-all mailing list