Date: Mon, 12 Feb 2001 03:04:12 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Andrea Campi <andrea@webcom.it> Cc: Kris Kennaway <kris@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/crypto/openssh rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c Message-ID: <20010212030412.A29837@mollari.cthul.hu> In-Reply-To: <20010212114505.B631@webcom.it>; from andrea@webcom.it on Mon, Feb 12, 2001 at 11:45:06AM %2B0100 References: <200102120644.f1C6iqj18540@freefall.freebsd.org> <20010212114505.B631@webcom.it>
next in thread | previous in thread | raw e-mail | index | archive | help
--gKMricLos+KVdGMg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 12, 2001 at 11:45:06AM +0100, Andrea Campi wrote: > > Modified files: > > crypto/openssh rsa.c rsa.h ssh-agent.c sshconnect1.c=20 > > sshd.c=20 > > Log: > > Patches backported from later development version of OpenSSH which pr= event > > (instead of just mitigating through connection limits) the Bleichenba= cher > > attack which can lead to guessing of the server key (not host key) by > > regenerating it when an RSA failure is detected. >=20 > Haven't actually tested this given -CURRENT breakage so I might say somet= hing > stupid but... >=20 > What happens if an attacker is able to trigger regeneration tens or hundr= eds of > times per second? I think there is opportunity for a DOS if this isn't do= ne > properly! Connections are rate-limited - we tested this and found it not to be an iss= ue. Kris --gKMricLos+KVdGMg Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6h8MsWry0BWjoQKURAuo3AKDsocXPFdsPcY0SNdzuMcRmfP8MxACgrWcm vPkmTTO1Vnub7r68vOrJx+g= =BKVv -----END PGP SIGNATURE----- --gKMricLos+KVdGMg-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010212030412.A29837>