Date:      Sun, 24 May 2009 12:23:30 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        Brian Somers <brian@FreeBSD.org>
Cc:        svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org
Subject:   Re: svn commit: r192595 - in head: crypto/openssh crypto/openssh/openbsd-compat secure/lib/libssh secure/usr.sbin/sshd
Message-ID:  <86d49yx0il.fsf@ds4.des.no>
In-Reply-To: <20090524001459.69c93ca9@dev.lan.Awfulhak.org> (Brian Somers's message of "Sun, 24 May 2009 00:14:59 -0700")
References:  <200905221846.n4MIkSY4015378@svn.freebsd.org> <20090524001459.69c93ca9@dev.lan.Awfulhak.org>

Brian Somers <brian@FreeBSD.org> writes:
> Should this be MFCd a little sooner?
>
>     http://news.zdnet.com/2100-9595_22-303182.html

Where to begin...

1) ZDNet is about six months behind - this was discovered in November of
   last year.

2) They also got the numbers wrong; it's 14 bits at 2^-14 chance of
   success.

3) They got a lot of other details wrong, including the claim that this
   is a "design flaw in OpenSSH".  It's a design flaw in the SSH
   protocol, and should affect any SSH implementation that uses CBC.

4) It is completely impractical, because every failed attempt kills the
   connection, and it takes several thousand attempts to recover
   anything at all.  In the "how worried should I be" department, it's
   about neck and neck with MD5 collisions.

5) If it *does* worry you, adding the following line at the bottom of
   /etc/ssh_config and /etc/sshd_config will take care of it:

Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

   On systems where you don't have root access, you can add it to the
   "Host *" section in your ~/.ssh/config:

Host *
  Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

   Your SSH client / server will then use CBC only if there is no other
   alternative.

DES
-- 
Dag-Erling Smørgrav - des@des.no
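The mitigation in the message works because the negotiated cipher is the first entry in the client's Ciphers list that the server also offers, so the order of the list is what matters. The following script is an added example (not part of the mail and not OpenSSH code) that audits that order: it reads an ssh_config- or sshd_config-style file, finds each Ciphers directive and flags any list in which a CBC cipher is placed ahead of a non-CBC one. It assumes the usual "Keyword value" syntax with whitespace separators, identifies CBC ciphers by the "-cbc" suffix, and does not track Host or Match blocks, so it simply reports every Ciphers line it finds; the sample configuration it checks is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit Ciphers preference order in OpenSSH-style config files.
# Assumptions: "Keyword value" lines separated by whitespace, '#' comments,
# CBC ciphers recognisable by the "-cbc" suffix. Not the mail author's code.

# cipher_order_ok LIST
#   LIST is the comma-separated value of a Ciphers directive.
#   Returns 0 when every non-CBC cipher precedes every CBC cipher,
#   1 when a CBC cipher is listed ahead of a non-CBC cipher (CBC preferred).
cipher_order_ok() {
    seen_cbc=0
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        case "$c" in
            *-cbc)
                seen_cbc=1 ;;
            *)
                # a non-CBC cipher after a CBC one means CBC wins negotiation
                [ "$seen_cbc" -eq 0 ] || return 1 ;;
        esac
    done
    return 0
}

# check_config FILE
#   Prints one line per Ciphers directive found in FILE.
#   Returns 0 if every list is ok, 1 if any list prefers CBC,
#   2 if the file has no Ciphers directive (OpenSSH's built-in default
#   order then applies, which this script does not inspect).
check_config() {
    file=$1
    status=0
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}            # drop trailing comments
        set -- $line                # split on whitespace
        [ "$#" -ge 2 ] || continue
        key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
        [ "$key" = "ciphers" ] || continue
        found=1
        if cipher_order_ok "$2"; then
            echo "ok:   $2"
        else
            echo "WEAK (CBC preferred): $2"
            status=1
        fi
    done < "$file"
    if [ "$found" -eq 0 ]; then
        echo "no Ciphers directive in $file (built-in default order applies)"
        return 2
    fi
    return "$status"
}

# Stand-alone usage: ./check_ciphers.sh /etc/ssh_config /etc/sshd_config
if [ "$#" -gt 0 ]; then
    rc=0
    for f in "$@"; do
        echo "== $f"
        check_config "$f" || rc=1
    done
    exit "$rc"
fi
```

Run it against the client and server configuration files; a "WEAK" line means a CBC cipher would be negotiated before the CTR or arcfour alternatives, which is exactly the order the recommended Ciphers line reverses.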



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86d49yx0il.fsf>