[PATCH] Add a Maximum Idle Time (1.2.2)

Sean Aaron Lisse nebulous at owlnet.rice.edu
Tue Mar 7 04:07:51 EST 2000


> the patch looks reasonable, but SSH_MSG_NONE type packets
> must not travel over the wire. this violates the protocol spec.

> SSH_MSG_IGNORE should be used, e.g.:
> 
> 	packet_start(SSH_MSG_IGNORE);
> 	packet_put_string("bla", 3);
> 	packet_send();
> 
> -markus

One worry... I don't know very much about the protocol specs for ssh, but
I know a -little- about crypto.  Would this allow an attacker to mount a
known-text attack?  I.e. given that an attacker could now look for
regularly-spaced (probably default-spaced in most cases) packets, and
assume that they contained the string "bla", could the attacker then
have a toehold on finding out the key?

  I recommend sending some random characters instead of a constant string
like "bla".

 -Sean Lisse






More information about the openssh-unix-dev mailing list