From owner-svn-src-head@FreeBSD.ORG Sun May 24 10:23:31 2009
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D4B9E106564A; Sun, 24 May 2009 10:23:31 +0000 (UTC) (envelope-from des@des.no)
Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.freebsd.org (Postfix) with ESMTP id 910898FC17; Sun, 24 May 2009 10:23:31 +0000 (UTC) (envelope-from des@des.no)
Received: from ds4.des.no (cm-84.215.252.34.getinternet.no [84.215.252.34]) by smtp.des.no (Postfix) with ESMTP id 9B9616D418; Sun, 24 May 2009 12:23:30 +0200 (CEST)
Received: by ds4.des.no (Postfix, from userid 1001) id 8184D844E2; Sun, 24 May 2009 12:23:30 +0200 (CEST)
From: Dag-Erling Smørgrav <des@des.no>
To: Brian Somers
References: <200905221846.n4MIkSY4015378@svn.freebsd.org> <20090524001459.69c93ca9@dev.lan.Awfulhak.org>
Date: Sun, 24 May 2009 12:23:30 +0200
In-Reply-To: <20090524001459.69c93ca9@dev.lan.Awfulhak.org> (Brian Somers's message of "Sun, 24 May 2009 00:14:59 -0700")
Message-ID: <86d49yx0il.fsf@ds4.des.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.92 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org
Subject: Re: svn commit: r192595 - in head: crypto/openssh crypto/openssh/openbsd-compat secure/lib/libssh secure/usr.sbin/sshd
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
X-List-Received-Date: Sun, 24 May 2009 10:23:32 -0000

Brian Somers writes:
> Should this be MFCd a little sooner?
>
> http://news.zdnet.com/2100-9595_22-303182.html

Where to begin...

1) ZDNet is about six months behind - this was discovered in November of
   last year.

2) They also got the numbers wrong; it's 14 bits at 2^-14 chance of
   success.

3) They got a lot of other details wrong, including the claim that this
   is a "design flaw in OpenSSH".  It's a design flaw in the SSH
   protocol, and should affect any SSH implementation that uses CBC.

4) It is completely impractical, because every failed attempt kills the
   connection, and it takes several thousand attempts to recover
   anything at all.  In the "how worried should I be" department, it's
   about neck and neck with MD5 collisions.

5) If it *does* worry you, adding the following line at the bottom of
   /etc/ssh_config and /etc/sshd_config will take care of it:

   Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

   On systems where you don't have root access, you can add it to the
   "Host *" section in your ~/.ssh/config:

   Host *
       Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc

   Your SSH client / server will then use CBC only if there is no other
   alternative.

DES
-- 
Dag-Erling Smørgrav - des@des.no
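The mitigation above works because OpenSSH takes the first value it reads for each option and negotiates ciphers in the client's listed order, so a CBC mode is only chosen when nothing earlier in the list is shared with the peer. The following is an added example, not part of the mail or of OpenSSH: a small checker that reads an ssh_config/sshd_config-style text, honours the "first value wins" rule per section, and reports any CBC ciphers that sit ahead of the first non-CBC cipher. The config snippets embedded in it are constructed samples; one mirrors the Ciphers line from the mail, the other is a deliberately weak ordering.

```python
"""Audit OpenSSH-style config text for CBC ciphers preferred over CTR ones.

Added example (not from the mailing-list post or from OpenSSH). It models two
OpenSSH rules: the first occurrence of an option in a section is the one that
takes effect, and cipher preference follows list order.
"""
import re

# Constructed sample: the ordering recommended in the mail, CTR modes first.
HARDENED = """Host *
    Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
"""

# Constructed sample: a CBC mode listed first, so CBC is negotiated whenever
# the peer supports it; a later duplicate Ciphers line is ignored by OpenSSH.
WEAK = """# global section, no Host/Match header
Ciphers aes128-cbc,aes256-ctr
Ciphers aes256-ctr   # second occurrence: does not take effect
Match User backup
    Ciphers aes256-ctr,aes128-cbc
"""


def is_cbc(cipher):
    """OpenSSH names CBC modes with a '-cbc' suffix (aes128-cbc, 3des-cbc, ...)."""
    return cipher.lower().endswith("-cbc")


def parse_ciphers(config_text):
    """Return {section: [ciphers]} where section is '(global)' or the text
    after a Host/Match keyword. Only the first Ciphers line per section
    is kept, mirroring OpenSSH's first-value-wins behaviour."""
    sections = {}
    current = "(global)"
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in ("host", "match"):
            current = value
        elif key == "ciphers":
            ciphers = [c.strip() for c in value.split(",") if c.strip()]
            sections.setdefault(current, ciphers)
    return sections


def cbc_preferred(ciphers):
    """Return the CBC ciphers that appear before the first non-CBC cipher.
    An empty list means a non-CBC mode is always tried first."""
    early = []
    for cipher in ciphers:
        if is_cbc(cipher):
            early.append(cipher)
        else:
            break
    return early


def audit(config_text):
    """Map each section to the CBC ciphers it would prefer over CTR.
    Sections without a Ciphers line are omitted: the build's default
    order applies there and is not something this text can see."""
    return {section: cbc_preferred(ciphers)
            for section, ciphers in parse_ciphers(config_text).items()}


if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("weak", WEAK)):
        for section, early in audit(text).items():
            verdict = "ok" if not early else "CBC preferred: " + ",".join(early)
            print(f"{label:8s} [{section}] {verdict}")
```

Point the script at a real file with `audit(open("/etc/ssh/sshd_config").read())`; an empty list for every section means the configured order already prefers a non-CBC cipher, which is exactly what the Ciphers line in the mail achieves.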