IETF-SSH archive


RE: OpenSSH sabotages protocol extension



denis bider <ietf-ssh3%denisbider.com@localhost> writes:

>What possible purpose does this serve?

It's perfectly sensible: if the spec requires that a packet be x, y, z, then
getting a packet containing x, y, z, extra garbage is at best a sign of data
corruption, at worst a sign of an active attack.  Rejecting the packet and
closing the connection is good practice; it makes it harder for an attacker to
use you as an oracle.

For an example of what happens if you do ignore extra garbage at the end of
your data, look at the padding attacks on PKCS #1...

Peter.
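The strict check Peter describes, as an added example that is not from this thread or from OpenSSH's own code: a decoder for SSH_MSG_DISCONNECT (field layout from RFC 4253 section 11.1, encoding rules from RFC 4251) in a lenient form that silently drops whatever follows the last field and a strict form that rejects it. The names SSHReader, parse_disconnect, build_disconnect and try_parse are hypothetical, and every input is constructed inline.

```python
import struct

# Message number and field layout from RFC 4253 section 11.1:
#   byte SSH_MSG_DISCONNECT, uint32 reason code, string description, string language tag
SSH_MSG_DISCONNECT = 1


class ProtocolError(Exception):
    """Raised for any packet that does not match the expected layout exactly."""


class SSHReader:
    """Cursor over an RFC 4251 encoded message body (hypothetical helper name)."""

    def __init__(self, data: bytes):
        self.data = data
        self.pos = 0

    def _take(self, n: int) -> bytes:
        # Bounds check before every read: a short packet is as malformed as a long one.
        if self.pos + n > len(self.data):
            raise ProtocolError("truncated: wanted %d bytes at offset %d" % (n, self.pos))
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def byte(self) -> int:
        return self._take(1)[0]

    def uint32(self) -> int:
        return struct.unpack(">I", self._take(4))[0]

    def string(self) -> bytes:
        # RFC 4251 "string": uint32 length followed by exactly that many bytes
        return self._take(self.uint32())

    def remaining(self) -> int:
        return len(self.data) - self.pos


def encode_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def build_disconnect(reason: int, description: str, language: str, extra: bytes = b"") -> bytes:
    """Encode SSH_MSG_DISCONNECT; `extra` appends bytes the spec does not allow (test input only)."""
    return (bytes([SSH_MSG_DISCONNECT])
            + struct.pack(">I", reason)
            + encode_string(description.encode("utf-8"))
            + encode_string(language.encode("ascii"))
            + extra)


def parse_disconnect(data: bytes, strict: bool = True):
    """Decode SSH_MSG_DISCONNECT. In strict mode any byte left after the last field is fatal."""
    r = SSHReader(data)
    if r.byte() != SSH_MSG_DISCONNECT:
        raise ProtocolError("not an SSH_MSG_DISCONNECT")
    reason = r.uint32()
    description = r.string().decode("utf-8", "replace")
    language = r.string().decode("ascii", "replace")
    if strict and r.remaining():
        # The lenient path silently drops these bytes; the strict path treats the packet
        # as malformed, which in a real implementation means closing the connection.
        raise ProtocolError("%d trailing bytes after last field" % r.remaining())
    return reason, description, language


def try_parse(data: bytes, strict: bool = True):
    """Report ("accept", fields) or ("reject", reason) instead of raising, for comparison."""
    try:
        return ("accept", parse_disconnect(data, strict))
    except ProtocolError as e:
        return ("reject", str(e))


if __name__ == "__main__":
    # Constructed inputs: a well-formed packet, one with bytes appended, one cut short.
    good = build_disconnect(11, "bye", "")
    padded = build_disconnect(11, "bye", "", extra=b"\x00\x00\x00\x01A")
    for label, pkt in (("well-formed", good), ("trailing bytes", padded), ("truncated", good[:-1])):
        print("%-15s strict=%s  lenient=%s" % (label, try_parse(pkt), try_parse(pkt, strict=False)))
```

The lenient decoder accepts the padded packet with exactly the same result as the clean one, so the sender can vary those trailing bytes freely without the receiver ever noticing; the strict decoder gives a single, input-independent answer (reject) for every packet that does not match the layout, which is what keeps the receiver from being usable as an oracle.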

