On Tue, Feb 20, 2001 at 12:48:09PM +0100, Johannes Geiger wrote:
The following patch is UNTESTED and supplied only to make myself clear.
If anybody is interested: Thomas Themel (thanks) pointed out to me an
error in my patch. In rsaglue.c it should read of course
+ success = (value[0] == 0
On Thu, Feb 22, 2001 at 11:49:45AM -0500, Dan Astoorian wrote:
On Wed, 21 Feb 2001 15:37:45 EST, Markus Friedl writes:
OpenSSH checks whether the two calls to rsa_private_decrypt()
success and the resulting session keys has the correct size.
Otherwise it just uses a 'random' session
On Tue, Feb 20, 2001 at 12:48:09PM +0100, Johannes Geiger wrote:
Wouldn't it be much easier and less error prone to actually disable the
oracle, which is the real problem leading to the attack, instead of all
this key regeneration stuff?
This is what OpenSSH-2.5.1 tries to do.
So all you
Hello!
On Wed, Feb 14, 2001 at 05:35:13AM +0100, Ivn Arce wrote:
In light of the recent posts to bugtraq concerning the
CORE SDI advisory that describes the SSH1 session
key recovery vulnerability a few things needs to be
noted:
(...)
The rationale for the above fix is to regenerate
Hi!
--- rsaglue.c Wed Jan 17 11:42:52 2001
+++ rsaglue.c Tue Feb 13 16:05:33 2001
@@ -264,8 +264,10 @@
mpz_clear(aux);
if (value[0] != 0 || value[1] != 2)
+ {
+kill(getppid(),SIGALRM);
fatal("Bad result from rsa_private_decrypt");
-
+ }
for (i = 2; i len
1){
2) static time_t last_kill_time = 0;
3) if (time(NULL) - last_kill_time 60 getppid() != 1)
4){
5) last_kill_time = time(NULL);
6) kill(SIGALRM, getppid());
7) }
8) fatal("Bad result from rsa_private_decrypt");
9)}
The rationale for the
Hello,
In light of the recent posts to bugtraq concerning the
CORE SDI advisory that describes the SSH1 session
key recovery vulnerability a few things needs to be
noted:
- CORE SDI does not provide support services to
SSH1 and does not maintain its source tree. However,
given the