On Wed, Jun 17, 2015 at 12:01:09PM +0100, Mark Wooding wrote:

> This is great, only collisions won't help you (much).
And then thinking about it more, we hit the problem that we do need a fixed hash value (and therefore a second preimage attack), because the chosen-prefix attacks modify both messages, not just one, so unless we can convince the server to send a bogus key, we couldn't exploit it even if OpenSSH did accept extra MPIs (which I thought it did because I missed the code check and then messed up my Perl one-liner (parentheses, I tell you!)).

I don't know where my brain has been these past few days. Apologies for the false alarm.

-- 
brian m. carlson
Release Marshal / cPanel, Inc.
c: +1 (832) 623-2791 / w: +1 (713) 529-0800 x4068

Archive: https://lists.debian.org/[email protected]
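As an added illustration of the "extra MPIs" code check the message refers to (my own example, not OpenSSH's code): a strict parser for an ssh-rsa public key blob that rejects any bytes left over after the expected fields, so a blob padded with an additional mpint is refused rather than silently accepted. The helper names and the tiny key values are constructed for the demonstration.

```python
import struct

# Constructed example: build a minimal ssh-rsa key blob inline
# (non-cryptographic toy values; only the wire format matters here).

def _ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def _ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint': two's-complement big-endian, minimal length."""
    if n == 0:
        return _ssh_string(b"")
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if b[0] & 0x80:  # keep the value positive by prepending a zero byte
        b = b"\x00" + b
    return _ssh_string(b)

def parse_ssh_rsa_blob(blob: bytes) -> tuple[int, int]:
    """Parse 'ssh-rsa' + mpint e + mpint n. Raises ValueError on malformed
    input and on any trailing bytes after the last expected field."""
    off = 0
    def read_string() -> bytes:
        nonlocal off
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (ln,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + ln > len(blob):
            raise ValueError("truncated string")
        s = blob[off:off + ln]
        off += ln
        return s
    if read_string() != b"ssh-rsa":
        raise ValueError("unexpected key type")
    e = int.from_bytes(read_string(), "big")
    n = int.from_bytes(read_string(), "big")
    # The strict check: nothing may follow the fields the format defines.
    if off != len(blob):
        raise ValueError(f"{len(blob) - off} trailing byte(s) after key data")
    return e, n

GOOD_BLOB = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint(0xC0FFEE)
# Same key with an extra mpint appended: a lenient parser would accept this.
PADDED_BLOB = GOOD_BLOB + _ssh_mpint(0x1234)

def blob_is_canonical(blob: bytes) -> bool:
    try:
        parse_ssh_rsa_blob(blob)
        return True
    except ValueError:
        return False
```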

