Re: CRIME attack vulnerability for ssh

Wed, 20 Nov 2013 05:11:30 -0800 

Rahila Syed wrote:

I am using  OpenSSH compression for  compressing data between
PostgreSQL servers. I am using following command,

  ssh -c  arcfour,blowfish-cbc -4 -2 -v -C -L 3304:localhost:5432 user@server2

I want to know if vulnerability CRIME which attacks SSL deflate
compression algorithm is a threat to SSH compression too?

After reading around a bit , i could find that it is a possibility
that SSH can be affected by CRIME.

So , can someone please confirm if CRIME vulnerability exists for SSH
compression?
Sure the principal of CRIME applies to any compressed connection that multiplexes streams an attacker can control by making repeated requests over the connection and observing the changes in encrypted data.
But who leaves their PostgreSQL listening socket open to the world ? including the other end of the SSH tunnel.
For example if you are listening on localhost then presumably the entire system is trusted. All applications and processes are good and trusted.
To mitigate the whole problem you might be able to use PostgreSQL 'md5' authentication type which is challenge-response based. (please experiment, tcpdump unencrypted connections and prove my claim here). 
Ensure to disable all other authentication mechanisms (such as 'password').
With 'md5' it means the data for each authentication attempt is randomly unique, as the challenge is a random number and the response is based on the input random number.
This is not subject to replay attack, so the attacker can not repeat the input and observe the changes on the network, since the input is different everytime authentication is attempted.
Contrast this with HTTP based cookies (the subject of CRIME) and HTTP Basic auth, the data is the same every time. (Even HTTP Digest auth is subject to CRIME since the data can be reused once setup). 


Of course seek advice from a paid professional.

Darryl

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to