[PATCH] Add a Maximum Idle Time (1.2.2)
Sean Aaron Lisse
nebulous at owlnet.rice.edu
Tue Mar 7 04:07:51 EST 2000
> the patch looks reasonable, but SSH_MSG_NONE type packets
> must not travel over the wire. this violates the protocol spec.
> SSH_MSG_IGNORE should be used, e.g.:
>
> packet_start(SSH_MSG_IGNORE);
> packet_put_string("bla", 3);
> packet_send();
>
> -markus
One worry... I don't know very much about the protocol specs for ssh, but
I know a -little- about crypto. Would this allow an attacker to mount a
known-text attack? I.e. given that an attacker could now look for
regularly-spaced (probably default-spaced in most cases) packets, and
assume that they contained the string "bla", could the attacker then
have a toehold on finding out the key?
I recommend sending some random characters instead of a constant string
like "bla".
-Sean Lisse
More information about the openssh-unix-dev
mailing list