[jira] [Commented] (SSHD-330) Handshake fails (wrong shared secret) 1 out of 256 times

2015-07-01 Thread Goldstein Lyor (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14610218#comment-14610218
 ] 

Goldstein Lyor commented on SSHD-330:
-

Improved _AbstractDH#stripLeadingZeros_ to clone the array only if 1st byte is 
non-zero

 Handshake fails (wrong shared secret) 1 out of 256 times
 

 Key: SSHD-330
 URL: https://issues.apache.org/jira/browse/SSHD-330
 Project: MINA SSHD
  Issue Type: Bug
Affects Versions: 0.11.0
Reporter: Pasi Eronen
Assignee: Guillaume Nodet
 Fix For: 0.12.0, 0.9.1


 The shared secret returned by KeyAgreement.generateSecret() is a byte array, 
 which can (by chance, roughly 1 out of 256 times) begin with zero byte. In 
 SSH, the shared secret is an integer, so we need to strip the leading 
 zero(es).
 Some JCE providers might strip leading zeroes, though. SunJCE used to do this 
 in Java 6, I think, but not anymore in Java 7 -- and there was an almost 
 identical bug (handshake fails 1 out of 256 times) in Java's SSL/TLS 
 implementation in early Java 7 versions (see 
 http://bugs.java.com/view_bug.do?bug_id=8014618).
 Pull request here:
 https://github.com/apache/mina-sshd/pull/5
 How to reproduce with OpenSSH client (assuming Mina SSH server running in 
 port 9922):
 for x in {1..500}; do sshpass -p wrong ssh -p9922 
 -oKexAlgorithms=diffie-hellman-group-exchange-sha1 someuser@localhost; done 
 for x in {1..500}; do sshpass -p wrong ssh -p9922 
 -oKexAlgorithms=ecdh-sha2-nistp256 someuser@localhost; done 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SSHD-330) Handshake fails (wrong shared secret) 1 out of 256 times

2014-09-15 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14133631#comment-14133631
 ] 

ASF GitHub Bot commented on SSHD-330:
-

Github user pasieronen closed the pull request at:

https://github.com/apache/mina-sshd/pull/5


 Handshake fails (wrong shared secret) 1 out of 256 times
 

 Key: SSHD-330
 URL: https://issues.apache.org/jira/browse/SSHD-330
 Project: MINA SSHD
  Issue Type: Bug
Affects Versions: 0.11.0
Reporter: Pasi Eronen
Assignee: Guillaume Nodet
 Fix For: 0.12.0


 The shared secret returned by KeyAgreement.generateSecret() is a byte array, 
 which can (by chance, roughly 1 out of 256 times) begin with zero byte. In 
 SSH, the shared secret is an integer, so we need to strip the leading 
 zero(es).
 Some JCE providers might strip leading zeroes, though. SunJCE used to do this 
 in Java 6, I think, but not anymore in Java 7 -- and there was an almost 
 identical bug (handshake fails 1 out of 256 times) in Java's SSL/TLS 
 implementation in early Java 7 versions (see 
 http://bugs.java.com/view_bug.do?bug_id=8014618).
 Pull request here:
 https://github.com/apache/mina-sshd/pull/5
 How to reproduce with OpenSSH client (assuming Mina SSH server running in 
 port 9922):
 for x in {1..500}; do sshpass -p wrong ssh -p9922 
 -oKexAlgorithms=diffie-hellman-group-exchange-sha1 someuser@localhost; done 
 for x in {1..500}; do sshpass -p wrong ssh -p9922 
 -oKexAlgorithms=ecdh-sha2-nistp256 someuser@localhost; done 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (SSHD-330) Handshake fails (wrong shared secret) 1 out of 256 times

2014-06-16 Thread Guillaume Nodet (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14032188#comment-14032188
 ] 

Guillaume Nodet commented on SSHD-330:
--

Thx for the patch !

 Handshake fails (wrong shared secret) 1 out of 256 times
 

 Key: SSHD-330
 URL: https://issues.apache.org/jira/browse/SSHD-330
 Project: MINA SSHD
  Issue Type: Bug
Affects Versions: 0.11.0
Reporter: Pasi Eronen
Assignee: Guillaume Nodet
 Fix For: 0.12.0


 The shared secret returned by KeyAgreement.generateSecret() is a byte array, 
 which can (by chance, roughly 1 out of 256 times) begin with zero byte. In 
 SSH, the shared secret is an integer, so we need to strip the leading 
 zero(es).
 Some JCE providers might strip leading zeroes, though. SunJCE used to do this 
 in Java 6, I think, but not anymore in Java 7 -- and there was an almost 
 identical bug (handshake fails 1 out of 256 times) in Java's SSL/TLS 
 implementation in early Java 7 versions (see 
 http://bugs.java.com/view_bug.do?bug_id=8014618).
 Pull request here:
 https://github.com/apache/mina-sshd/pull/5
 How to reproduce with OpenSSH client (assuming Mina SSH server running in 
 port 9922):
 for x in {1..500}; do sshpass -p wrong ssh -p9922 
 -oKexAlgorithms=diffie-hellman-group-exchange-sha1 someuser@localhost; done 
 for x in {1..500}; do sshpass -p wrong ssh -p9922 
 -oKexAlgorithms=ecdh-sha2-nistp256 someuser@localhost; done 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (SSHD-330) Handshake fails (wrong shared secret) 1 out of 256 times

2014-06-12 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/SSHD-330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14028968#comment-14028968
 ] 

ASF GitHub Bot commented on SSHD-330:
-

GitHub user pasieronen opened a pull request:

https://github.com/apache/mina-sshd/pull/5

SSHD-330 Strip leading zero(es) from the shared secret



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/pasieronen/mina-sshd 
SSHD-330-shared-secret-zeroes

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/mina-sshd/pull/5.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #5


commit e7ebbc6bf1e13ac0da00b75b12814cc7827eb18d
Author: Pasi Eronen p...@iki.fi
Date:   2014-06-12T09:27:33Z

Strip leading zero(es) from the shared secret




 Handshake fails (wrong shared secret) 1 out of 256 times
 

 Key: SSHD-330
 URL: https://issues.apache.org/jira/browse/SSHD-330
 Project: MINA SSHD
  Issue Type: Bug
Affects Versions: 0.11.0
Reporter: Pasi Eronen

 The shared secret returned by KeyAgreement.generateSecret() is a byte array, 
 which can (by chance, roughly 1 out of 256 times) begin with zero byte. In 
 SSH, the shared secret is an integer, so we need to strip the leading 
 zero(es).
 Some JCE providers might strip leading zeroes, though. SunJCE used to do this 
 in Java 6, I think, but not anymore in Java 7 -- and there was an almost 
 identical bug (handshake fails 1 out of 256 times) in Java's SSL/TLS 
 implementation in early Java 7 versions (see 
 http://bugs.java.com/view_bug.do?bug_id=8014618).
 How to reproduce with OpenSSH client (assuming Mina SSH server running in 
 port 9922):
 for x in {1..500}; do sshpass -p wrong ssh -p9922 
 -oKexAlgorithms=diffie-hellman-group-exchange-sha1 someuser@localhost; done 
 for x in {1..500}; do sshpass -p wrong ssh -p9922 
 -oKexAlgorithms=ecdh-sha2-nistp256 someuser@localhost; done 



--
This message was sent by Atlassian JIRA
(v6.2#6252)