Date: Mon, 12 Feb 2001 03:04:12 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Andrea Campi <andrea@webcom.it> Cc: Kris Kennaway <kris@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/crypto/openssh rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c Message-ID: <20010212030412.A29837@mollari.cthul.hu> In-Reply-To: <20010212114505.B631@webcom.it>; from andrea@webcom.it on Mon, Feb 12, 2001 at 11:45:06AM %2B0100 References: <200102120644.f1C6iqj18540@freefall.freebsd.org> <20010212114505.B631@webcom.it>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Mon, Feb 12, 2001 at 11:45:06AM +0100, Andrea Campi wrote: > > Modified files: > > crypto/openssh rsa.c rsa.h ssh-agent.c sshconnect1.c > > sshd.c > > Log: > > Patches backported from later development version of OpenSSH which prevent > > (instead of just mitigating through connection limits) the Bleichenbacher > > attack which can lead to guessing of the server key (not host key) by > > regenerating it when an RSA failure is detected. > > Haven't actually tested this given -CURRENT breakage so I might say something > stupid but... > > What happens if an attacker is able to trigger regeneration tens or hundreds of > times per second? I think there is opportunity for a DOS if this isn't done > properly! Connections are rate-limited - we tested this and found it not to be an issue. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6h8MsWry0BWjoQKURAuo3AKDsocXPFdsPcY0SNdzuMcRmfP8MxACgrWcm vPkmTTO1Vnub7r68vOrJx+g= =BKVv -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010212030412.A29837>