[ https://issues.apache.org/jira/browse/SSHD-330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14133631#comment-14133631 ]
ASF GitHub Bot commented on SSHD-330:
-------------------------------------

Github user pasieronen closed the pull request at:

    https://github.com/apache/mina-sshd/pull/5

> Handshake fails (wrong shared secret) 1 out of 256 times
> --------------------------------------------------------
>
>                 Key: SSHD-330
>                 URL: https://issues.apache.org/jira/browse/SSHD-330
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.11.0
>            Reporter: Pasi Eronen
>            Assignee: Guillaume Nodet
>             Fix For: 0.12.0
>
>
> The shared secret returned by KeyAgreement.generateSecret() is a byte array,
> which can (by chance, roughly 1 out of 256 times) begin with a zero byte. In
> SSH, the shared secret is an integer, so we need to strip the leading
> zero(es).
>
> Some JCE providers might strip leading zeroes, though. SunJCE used to do this
> in Java 6, I think, but not anymore in Java 7 -- and there was an almost
> identical bug (handshake fails 1 out of 256 times) in Java's SSL/TLS
> implementation in early Java 7 versions (see
> http://bugs.java.com/view_bug.do?bug_id=8014618).
>
> Pull request here:
> https://github.com/apache/mina-sshd/pull/5
>
> How to reproduce with OpenSSH client (assuming Mina SSH server running on
> port 9922):
>
> for x in {1..500}; do sshpass -p wrong ssh -p9922 -oKexAlgorithms=diffie-hellman-group-exchange-sha1 someuser@localhost; done
>
> for x in {1..500}; do sshpass -p wrong ssh -p9922 -oKexAlgorithms=ecdh-sha2-nistp256 someuser@localhost; done

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
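The mismatch described in the issue, as an added example (not MINA SSHD code and not part of the original message): a byte-array secret with leading zero bytes encodes to a different SSH mpint than the integer it represents, so a peer that treats the secret as an integer hashes different bytes. The class and method names are hypothetical, `rawMpint` is an assumed encoder that trusts its input to be minimal, SHA-256 stands in for the exchange hash, and the sample secrets are constructed.

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;

public class SharedSecretMpint {
    // Hypothetical encoder that trusts the byte array to be minimal already:
    // it adds the sign-padding byte when the top bit is set, but never strips leading zeroes.
    static byte[] rawMpint(byte[] secret) {
        boolean pad = secret.length > 0 && (secret[0] & 0x80) != 0;
        int len = secret.length + (pad ? 1 : 0);
        ByteBuffer buf = ByteBuffer.allocate(4 + len).putInt(len);
        if (pad) buf.put((byte) 0);
        return buf.put(secret).array();
    }

    // RFC 4251 mpint: read the bytes as an unsigned integer, emit the minimal two's-complement form.
    static byte[] canonicalMpint(byte[] secret) {
        BigInteger k = new BigInteger(1, secret);   // signum 1 = unsigned magnitude, leading zeroes ignored
        byte[] body = k.signum() == 0 ? new byte[0] : k.toByteArray();
        return ByteBuffer.allocate(4 + body.length).putInt(body.length).put(body).array();
    }

    // Stand-in for the exchange hash: only the encoded K field matters for this demonstration.
    static byte[] hash(byte[] encodedK) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(encodedK);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed secrets, shaped like what a provider that keeps leading zeroes could return.
        byte[][] samples = {
            {0x00, 0x12, 0x34, 0x56},   // one leading zero byte
            {0x00, 0x00, 0x12, 0x34},   // several leading zero bytes
            {0x12, 0x34, 0x56, 0x78},   // no leading zero
        };
        for (byte[] s : samples) {
            byte[] raw = rawMpint(s), canon = canonicalMpint(s);
            boolean agree = Arrays.equals(hash(raw), hash(canon));
            System.out.printf("secret=%s raw=%s canonical=%s hashes %s%n",
                    hex(s), hex(raw), hex(canon), agree ? "match" : "differ");
        }
    }
}
```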