zlib compression, the exploit, and OpenSSH

Markus Friedl markus at openbsd.org
Fri Mar 15 03:36:58 EST 2002

On Wed, Mar 13, 2002 at 12:07:34PM -0800, ewheeler at kaico.com wrote:
> 2.  What are the logistics of moving all non-critical external library
> calls (zlib in this case, but others if they exist) *after*
> authentication?

this would only work if we disallowed compression
until after authentication and start to rekey
after successful authentication.

More information about the openssh-unix-dev mailing list