On 2016-06-21T09:18, Aaron Zauner <[email protected]> wrote: > > > On 21 Jun 2016, at 14:55, Aaron Zauner <[email protected]> wrote: > > > > Hi, > > > > Our recommendations go with EtM in OpenSSH, Kenny Paterson published this > > slide deck recently: > > http://www.turing-gateway.cam.ac.uk/documents/tgmw35/Kenny%20Paterson.pdf > > > > They identify a CBC timing oracle (not much used anymore) but more > > importantly: they identify a error in the generic Encrypt-then-Mac > > implementation in OpenSSH which is used quite a lot. I'm not aware of > > upstream patches. > > Follow-up: https://twitter.com/kennyog/status/745153366699827205
Is there any more specific description of the problem? Somehow I can't really make sense of the slides regarding EtM problems, there are references to papers, e.g. on slide 56, but I can't even find the paper. Let alone make sense of the slides. Sorry for being dense, might be lack of coffee ;) Ciao, Alexander Wuerstlein. _______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
