svn commit: r192595 - in head: crypto/openssh
crypto/openssh/openbsd-compat secure/lib/libssh secure/usr.sbin/sshd
Dag-Erling Smørgrav
des at des.no
Sun May 24 10:23:32 UTC 2009
Brian Somers <brian at FreeBSD.org> writes:
> Should this be MFCd a little sooner?
>
> http://news.zdnet.com/2100-9595_22-303182.html
Where to begin...
1) ZDNet is about six months behind - this was discovered in November of
last year.
2) They also got the numbers wrong; it's 14 bits at 2^-14 chance of
success.
4) They got a lot of other details wrong, including the claim that this
is a "design flaw in OpenSSH". It's a design flaw in the SSH
protocol, and should affect any SSH implementation that uses CBC.
3) It is completely impractical, because every failed attempt kills the
connection, and it takes several thousand attempts to recover
anything at all. In the "how worried should I be" department, it's
about neck and neck with MD5 collisions.
4) If it *does* worry you, adding the following line at the bottom of
/etc/ssh_config and /etc/sshd_config will take care of it:
Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
On systems where you don't have root access, you can add it to the
"Host *" section in your ~/.ssh/config:
Host *
Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
Your SSH client / server will then use CBC only if there is no other
alternative.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the svn-src-head
mailing list