Pasi Eronen created SSHD-330:
--------------------------------
Summary: Handshake fails (wrong shared secret) 1 out of 256 times
Key: SSHD-330
URL: https://issues.apache.org/jira/browse/SSHD-330
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 0.11.0
Reporter: Pasi Eronen
The shared secret returned by KeyAgreement.generateSecret() is a byte array,
which can (by chance, roughly 1 out of 256 times) begin with zero byte. In SSH,
the shared secret is an integer, so we need to strip the leading zero(es).
Some JCE providers might strip leading zeroes, though. SunJCE used to do this
in Java 6, I think, but not anymore in Java 7 -- and there was an almost
identical bug (handshake fails 1 out of 256 times) in Java's SSL/TLS
implementation in early Java 7 versions (see
http://bugs.java.com/view_bug.do?bug_id=8014618).
How to reproduce with OpenSSH client (assuming Mina SSH server running in port
9922):
for x in {1..500}; do sshpass -p wrong ssh -p9922
-oKexAlgorithms=diffie-hellman-group-exchange-sha1 someuser@localhost; done
for x in {1..500}; do sshpass -p wrong ssh -p9922
-oKexAlgorithms=ecdh-sha2-nistp256 someuser@localhost; done
--
This message was sent by Atlassian JIRA
(v6.2#6252)
