OpenSSH and CBC
Gerhard Wiesinger
lists at wiesinger.com
Fri Jun 19 14:46:12 AEST 2015
On 15.06.2015 16:05, Gerhard Wiesinger wrote:
> http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
> https://packetstormsecurity.com/files/72061/Vulnerability_Advisory_SSH.txt.html
>
> http://isg.rhul.ac.uk/~kp/SandPfinal.pdf
The success probability in recovering 32 plaintext bits is 2^{-18} when
attacking the OpenSSH implementation of the SSH RFCs. A variant of the
attack against the OpenSSH implementation verifiably recovers 14
plaintext bits with probability 2^{-14}.
Recovering 14 bits: That's basically no better than brute force, so there is
no real attack, is there?
Recovering 32 bits: That's basically a little bit better than brute
force, but I think there is also no real attack vector, is there?
Especially in the context of the OpenSSH 5.2 mitigation and different keys
in different kinds of connections.
Any opinions on this?
Ciao,
Gerhard
--
http://www.wiesinger.com/
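To make the 2^{-18} and 2^{-14} figures concrete, here is an added simulation (my own code, not OpenSSH's and not from the linked paper) of the CBC plaintext-recovery attack that the Albrecht/Paterson/Watson paper describes against the pre-5.2 OpenSSH receive path. The receiver model is my reading of the paper: the decrypted first block's leading 32 bits are taken as the packet length, a length outside [5, 256K] gives one error, a length that is not block-aligned gives a different error, and a length passing both checks makes the receiver read 4 + length bytes before the MAC fails, so the attacker learns the length by counting bytes. The toy Feistel cipher, the key, the target block, the 256K limit, the 20-byte MAC and all helper names are constructed assumptions for the example; the demo picks a favourable chained IV directly instead of waiting for one, which in reality happens with probability 2^{-18} per attempt, each attempt costing one connection.

```python
"""Simulation of the CBC plaintext-recovery attack on the SSH binary packet
protocol (Albrecht, Paterson, Watson, IEEE S&P 2009) against a model of the
OpenSSH 5.1 receive path. Constructed example; nothing here is OpenSSH code."""
import hashlib
import hmac
from fractions import Fraction

BLOCK = 16            # cipher block size in bytes (AES-sized), assumption
MAC_LEN = 20          # HMAC-SHA1 tag length, assumption
MAX_LEN = 256 * 1024  # receiver's packet-length ceiling (as in the paper)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# Toy 128-bit block cipher: 4-round Feistel network with an HMAC round
# function. It is invertible, which is all CBC needs; it is NOT secure.
def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r


def receiver(key, chained_iv, wire):
    """Model of the pre-5.2 receive path: decrypt the first block, read the
    32-bit length, apply the range check and the block-alignment check, then
    consume 4 + length + MAC bytes before the (failing) MAC check. Returns the
    error the attacker can distinguish and how many bytes were consumed."""
    first = xor(block_decrypt(key, wire[:BLOCK]), chained_iv)
    length = int.from_bytes(first[:4], "big")
    if length < 5 or length > MAX_LEN:
        return "bad packet length", BLOCK
    if (4 + length - BLOCK) % BLOCK != 0:
        return "padding error", BLOCK
    total = 4 + length + MAC_LEN
    if len(wire) < total:
        return "waiting for more data", len(wire)
    return "corrupted MAC", total


def attack(key, chained_iv, c_prev_target, c_target, wire_tail):
    """Inject c_target (block C*_i of an earlier packet) as the first block of
    a new packet. The receiver decrypts P' = D(C*_i) ^ chained_iv, while the
    real plaintext is P* = D(C*_i) ^ C*_{i-1}, so P* = P' ^ chained_iv ^ C*_{i-1}.
    Returns the observed error and whatever bits of P*[0:4] it leaks."""
    verdict, consumed = receiver(key, chained_iv, c_target + wire_tail)
    if verdict == "bad packet length":
        return verdict, None
    mask = xor(chained_iv[:4], c_prev_target[:4])
    if verdict == "padding error":
        # P'[0:4] <= 2^18, so its top 14 bits are (all but certainly) zero:
        # the top 14 bits of P*[0:4] are therefore those of the mask.
        return verdict, int.from_bytes(mask, "big") >> 18
    length = consumed - 4 - MAC_LEN        # full 32-bit P'[0:4] recovered
    return verdict, xor(length.to_bytes(4, "big"), mask)


def attack_probabilities():
    """Exact per-attempt success probability for a uniformly random decrypted
    length word: range check only (14-bit leak) and both checks (32-bit leak)."""
    in_range = MAX_LEN - 5 + 1
    aligned = sum(1 for n in range(5, MAX_LEN + 1) if (4 + n - BLOCK) % BLOCK == 0)
    return Fraction(in_range, 2 ** 32), Fraction(aligned, 2 ** 32)


def demo():
    key = b"constructed-session-key"                      # constructed
    target_plain = b"Passw0rd!-block-"                    # P*, 16 bytes, constructed
    c_prev_target = hashlib.sha256(b"C*_{i-1}").digest()[:BLOCK]  # observed on the wire
    c_target = block_encrypt(key, xor(target_plain, c_prev_target))  # C*_i on the wire
    # A favourable chained IV (last ciphertext block of the previous packet) is
    # one for which P' starts with a length passing both checks. Chosen here
    # directly; in a real session it occurs with probability 2^-18 per attempt.
    wanted_len = 1020                                     # (4 + 1020 - 16) % 16 == 0
    chained_iv = xor(block_decrypt(key, c_target), wanted_len.to_bytes(4, "big") + bytes(12))
    wire_tail = hashlib.sha256(b"attacker junk").digest() * 64   # 2048 bytes of filler
    verdict, recovered = attack(key, chained_iv, c_prev_target, c_target, wire_tail)
    return verdict, recovered, target_plain[:4]


if __name__ == "__main__":
    p14, p32 = attack_probabilities()
    print("P[range check passes] =", float(p14), " P[both checks pass] =", float(p32))
    print(demo())
```

The probabilities come out of the receiver's checks, not out of the cipher: roughly 2^{18} of the 2^{32} possible length words pass the range check (hence 2^{-14} for the 14-bit leak), and only every sixteenth of those is block-aligned (hence 2^{-18} for the full 32-bit leak). The attack is therefore not a key search; it is a per-connection guess whose cost is one torn-down connection per attempt, which is why OpenSSH 5.2 changed the error handling and moved CTR modes ahead of CBC.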