SSH Security patch
Matt Johnston
matt at ucc.asn.au
Tue May 19 19:48:19 WST 2009
It sounds like the attack described last year, see my
comments at
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2008q4/000848.html
Dropbear probably could be modified the same way as OpenSSH by
continuing to make fake reads from the socket for the length
requested, though it seems a bit overly complex when using
CTR mode will solve the problem. I'll have a look at what
they're doing.
Matt
On Tue, May 19, 2009 at 09:01:44AM +0000, Nigel Lucas wrote:
>
> Just saw this on the news and was wondering if it affected Dropbear users?
>
>
>
> ** OpenSSH chink bares encrypted data packets **
>
>
>
> "Cryptographers are urging users of a widely employed network protocol to make sure they're running the latest version after discovering a flaw that could allow attackers to read data that's supposed to remain encrypted."
>
>
> http://www.theregister.co.uk/2009/05/19/open_ssh_hack/
>
>
>
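
An added example, not part of the original thread and not Dropbear or OpenSSH code: one way to check whether a server's key-exchange offer would leave a session on a CBC cipher rather than the CTR mode the reply recommends. It parses an SSH_MSG_KEXINIT payload and applies the RFC 4253 selection rule; the function names, the sample cipher lists and the constructed payload are assumptions made for illustration.

```python
import struct

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (message type byte onward) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, out = 17, {}  # skip the type byte and the 16-byte cookie
    for name in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("name-list runs past end of payload")
        raw = payload[off:off + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        off += n
    return out

def negotiated(client: list, server: list):
    """RFC 4253: first algorithm on the client's list the server also offers."""
    return next((a for a in client if a in server), None)

def audit(server_payload: bytes, client_ciphers: list) -> dict:
    """Report, per direction, the cipher that would be chosen and CBC exposure."""
    srv, result = parse_kexinit(server_payload), {}
    for direction in ("enc_c2s", "enc_s2c"):
        chosen = negotiated(client_ciphers, srv[direction])
        result[direction] = {"chosen": chosen,
                             "cbc_chosen": chosen is not None and "-cbc" in chosen,
                             "cbc_offered": [c for c in srv[direction] if "-cbc" in c]}
    return result

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed KEXINIT payload (zero cookie) for offline testing."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed sample: a server that lists CTR first but still accepts CBC.
_CIPHERS = ["aes128-ctr", "3des-cbc", "aes128-cbc"]
SAMPLE_SERVER_KEXINIT = build_kexinit({"enc_c2s": _CIPHERS, "enc_s2c": _CIPHERS})
```

Because the client's preference order decides the outcome, `audit(SAMPLE_SERVER_KEXINIT, ["aes128-cbc", "aes128-ctr"])` reports a CBC session even though the server lists CTR first; removing the CBC names from the server's offer is what closes that path.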