> On 21 Jun 2016, at 14:55, Aaron Zauner <[email protected]> wrote: > > Hi, > > Our recommendations go with EtM in OpenSSH, Kenny Paterson published this > slide deck recently: > http://www.turing-gateway.cam.ac.uk/documents/tgmw35/Kenny%20Paterson.pdf > > They identify a CBC timing oracle (not much used anymore) but more > importantly: they identify a error in the generic Encrypt-then-Mac > implementation in OpenSSH which is used quite a lot. I'm not aware of > upstream patches.
Follow-up: https://twitter.com/kennyog/status/745153366699827205 Aaron
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
