On Fri, 16 Jul 2010, Jürgen Keil wrote:
>> > The differences reported by cmp -l are in octal;
>> > so this is actually a single bit error.
>>
>> But then TCP checksums should discover the problem
>
>That bit could have fllipped both on the sending
>or the receiving machine (before or after TCP is
>used).
I agree. Given that recent versions of OpenSSH prefer AES-CTR to
AES-CBC it could really happen that one flipped bit in the cipher text
would flip just one bit in the plain text. Aside from the fact that, as
already mentioned, TCP checksum would detect one flipped bit, I do not
believe that the strong integrity protection in the SSH protocol could
fail occasionally. It's more like once in a lifetime situation.
I believe the issue has nothing to do with SSH. An easy way to
verify that would be to use "-o Ciphers=aes128-cbc" on the client side.
Note that on OpenSolaris, "aes128-cbc" would have to be added to the
cipher list on the server side as well since it's not allowed by
default. If one bit is flipped in data encrypted with the CBC mode
before it is decrypted then after decryption it would corrupt all bytes
in 2 adjacent cipher blocks which is 32 bytes in total.
if the plain text is corrupted before being encrypted with CBC,
all transferred data after the first flipped bit will be corrupted.
I think the problem happens on the remote machine after the data
is decrypted and it's not a problem in SSH since it does work with 8KB
data chunks. I don't see how it could corrupt just one bit before
writing the data to the disk.
J.
--
Jan Pechanec
http://blogs.sun.com/janp
_______________________________________________
opensolaris-discuss mailing list
[email protected]
