Sam Kuper <[email protected]> writes: > 2009/6/30 Nico Golde > <[email protected]<debian-security%[email protected]>
>> http://security-tracker.debian.net/tracker/CVE-2008-5161 > Ouch! I agree with the note. My understanding is that you then terminate the connection you're attacking as part of the attempt to recover the cleartext unless you happen to succeed. I think it's going to be very hard to launch this attack effectively in a real-world situation. That's also upstream's position: http://www.openssh.com/txt/cbc.adv -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
