[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

2023-09-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2040

Celeste Liu changed:

   What|Removed |Added

 CC||coelacanthus...@gmail.com

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

2014-01-28 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2040

Ondřej Caletka ond...@caletka.cz changed:

   What|Removed |Added

   Attachment #2211|0   |1
is obsolete||

--- Comment #7 from Ondřej Caletka ond...@caletka.cz ---
Created attachment 2402
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2402&action=edit
Fix downgrade attack vulnerability in handling SSHFP records

The same patch, only rebased to OpenSSH 6.4p1 codebase.



[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

2014-01-28 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2040

Ondřej Caletka ond...@caletka.cz changed:

   What|Removed |Added

   Attachment #2184|0   |1
is obsolete||

--- Comment #8 from Ondřej Caletka ond...@caletka.cz ---
Created attachment 2403
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2403&action=edit
Handle future digest types correctly

The same patch, only rebased to OpenSSH 6.4p1 codebase.
Hoping these patches would eventually make it to a release. :)



[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

2013-01-30 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2040

Ondřej Caletka ond...@caletka.cz changed:

   What|Removed |Added

   Attachment #2188|0   |1
is obsolete||

--- Comment #6 from Ondřej Caletka ond...@caletka.cz ---
Created attachment 2211
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2211&action=edit
Fix downgrade attack vulnerability in handling SSHFP records

Here comes a new version of the patch fixing the downgrade vulnerability,
as the former one did not work well after applying the „future digests“
patch. The instructions counting found DNS records are shifted after
host key initialization.



[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

2012-09-07 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2040

Ondřej Caletka ond...@caletka.cz changed:

   What|Removed |Added

   Attachment #2183|0   |1
is obsolete||

--- Comment #4 from Ondřej Caletka ond...@caletka.cz ---
Created attachment 2188
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2188&action=edit
Fix downgrade attack vulnerability in handling SSHFP records

I realized that only fingerprints for the same key algorithm as sshd
offered should be counted as found. Otherwise, it would reject a SHA-1
SSHFP only because there is a SHA-256 SSHFP for another key algorithm.

As usual, the test case is here, having only a SHA-1 SSHFP for the RSA host key:
$ ./ssh -vv -o HostKeyAlgorithms=ssh-rsa -o VerifyHostKeyDNS=yes sshfp-test-downgrade.oskarcz.net



[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

2012-09-06 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2040

Damien Miller d...@mindrot.org changed:

   What|Removed |Added

 CC||d...@mindrot.org

--- Comment #3 from Damien Miller d...@mindrot.org ---
Wouldn't it be simpler and safer to verify that all fingerprints match?
I.e. verify that both SHA1 and SHA256 SSHFP records verify correctly.
Right now we need only one success and ignore all the hash
mismatches...



[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

2012-08-31 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2040

--- Comment #2 from Ondřej Caletka ond...@caletka.cz ---
(In reply to comment #1)
> Created attachment 2184 [details]
> Handle future digest types correctly
>
> When testing, I also found out that when an SSHFP record for the host
> uses a digest type other than SHA1 or SHA256, the SSHFP check fails
> even if SHA1 or SHA256 matches the offered host key.
>
> This patch changes this behavior to ignore future digest types.

Feel free to test it using
ssh -vv -o VerifyHostKeyDNS=yes -o HostKeyAlgorithms=ecdsa-sha2-nistp521 sshfp-test-newdigest.oskarcz.net

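The three policy points raised in this thread (comment #3: accept only if every SSHFP record verifies, not on a single success; comment #4: count only records for the key algorithm the server actually offered; comments #1/#2: skip digest types the client does not know instead of failing) can be modelled as a small verifier. The code below is an added illustration and is not OpenSSH's dns.c or any of the attached patches: the function names `verify_lenient` and `verify_strict`, the `(found, matched)` return pair, and the key blobs and zone contents are all constructed here. The SSHFP algorithm numbers (1 = RSA, 2 = DSA, 3 = ECDSA) and fingerprint types (1 = SHA-1, 2 = SHA-256) are the values from RFC 4255 and RFC 6594; a fingerprint is the digest of the wire-format public key.

```python
"""Model of the SSHFP verification policies discussed in OpenSSH bug 2040.

Added illustration; this is not OpenSSH's dns.c. The policy split, the
function names and the key material below are constructed for this example.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# SSHFP algorithm numbers (RFC 4255, RFC 6594): 1 = RSA, 2 = DSA, 3 = ECDSA
SSHFP_ALGORITHM = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
}
# Fingerprint types this client understands: 1 = SHA-1, 2 = SHA-256.
# Any other value is a "future digest type" and is skipped, not treated as a failure.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


@dataclass(frozen=True)
class SSHFP:
    """One SSHFP resource record: algorithm number, fingerprint type, raw digest."""
    algorithm: int
    fptype: int
    fingerprint: bytes


def fingerprint(key_blob: bytes, fptype: int) -> bytes:
    """Digest of the wire-format public key, as published in an SSHFP record."""
    return DIGESTS[fptype](key_blob).digest()


def verify_lenient(key_algo: str, key_blob: bytes, records: list[SSHFP]) -> tuple[bool, bool]:
    """The behaviour comment #3 objects to: one matching record is enough and
    records that do not match are ignored. Returns (found, matched)."""
    algo = SSHFP_ALGORITHM[key_algo]
    found = matched = False
    for rec in records:
        if rec.algorithm != algo or rec.fptype not in DIGESTS:
            continue
        found = True
        if fingerprint(key_blob, rec.fptype) == rec.fingerprint:
            matched = True
    return found, matched


def verify_strict(key_algo: str, key_blob: bytes, records: list[SSHFP]) -> tuple[bool, bool]:
    """Stricter policy: only records for the offered key algorithm count as
    found (comment #4), unknown digest types are skipped (comments #1/#2), and
    every counted record must match (comment #3). Returns (found, matched)."""
    algo = SSHFP_ALGORITHM[key_algo]
    relevant = [r for r in records if r.algorithm == algo and r.fptype in DIGESTS]
    if not relevant:
        return False, False
    return True, all(fingerprint(key_blob, r.fptype) == r.fingerprint for r in relevant)


def demo() -> dict[str, tuple[bool, bool]]:
    """Constructed zone contents and keys; the byte strings stand in for real host key blobs."""
    current_key = b"CONSTRUCTED current RSA host key blob"
    old_key = b"CONSTRUCTED retired RSA host key blob"
    ecdsa_key = b"CONSTRUCTED ECDSA host key blob"
    zone = [
        SSHFP(1, 1, fingerprint(old_key, 1)),      # stale SHA-1 record for a retired key
        SSHFP(1, 2, fingerprint(current_key, 2)),  # SHA-256 record for the current key
        SSHFP(3, 2, fingerprint(ecdsa_key, 2)),    # record for a different key algorithm
        SSHFP(1, 99, b"\x00" * 32),                # future digest type unknown to this client
    ]
    # Zone shaped like the comment #4 test case: only a SHA-1 record for the RSA key,
    # plus a SHA-256 record for another algorithm that must not cause a reject.
    rsa_sha1_only = [
        SSHFP(1, 1, fingerprint(current_key, 1)),
        SSHFP(3, 2, fingerprint(ecdsa_key, 2)),
    ]
    return {
        "current_lenient": verify_lenient("ssh-rsa", current_key, zone),
        "current_strict": verify_strict("ssh-rsa", current_key, zone),
        "retired_lenient": verify_lenient("ssh-rsa", old_key, zone),
        "retired_strict": verify_strict("ssh-rsa", old_key, zone),
        "ecdsa_strict": verify_strict("ecdsa-sha2-nistp256", ecdsa_key, zone),
        "rsa_sha1_only_strict": verify_strict("ssh-rsa", current_key, rsa_sha1_only),
    }


if __name__ == "__main__":
    for name, (found, matched) in demo().items():
        print(f"{name:22s} found={found} matched={matched}")
```

Running `demo()` shows the trade-off the thread is weighing: with the lenient policy a retired key whose SHA-1 record was never removed from the zone is still accepted, because the one matching record outweighs the mismatching SHA-256 record; the strict policy rejects it. The strict policy also rejects the current key while that stale record remains, so operators must keep the zone consistent, which is the cost of requiring every record to verify. The `rsa_sha1_only` zone shows why records for other key algorithms must be filtered out before counting, and the type-99 record shows an unknown digest being ignored rather than turned into a failure.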