So how to protect myself?

Posted Nov 27, 2008 18:43 UTC (Thu) by mikachu (guest, #5333)
In reply to: So how to protect myself ? by jengelh
Parent article: SSH plaintext recovery vulnerability

I'm even more paranoid; I assume -cbc is the default for a reason, what are its advantages over -ctr?


So how to protect myself?

Posted Nov 27, 2008 22:44 UTC (Thu) by kasperd (guest, #11842)

AFAIK CBC is older and more widely supported than CTR. But CTR is not that complicated, so I'd expect all major implementations to support it.

Supposedly CTR is more secure (for reasons that may be completely unrelated to this vulnerability). But CTR is only more secure if your IV is generated properly. If you were for whatever reason going to reuse an IV, it would weaken CTR a lot more than it would CBC. However, since the symmetric keys are just session keys, such a vulnerability is highly unlikely to exist in ssh. The risk of improper use of IVs for CTR is more of an issue when you have long-lived symmetric keys (storage encryption).

I am still not convinced that there even is a vulnerability in ssh. Given the information made available so far, the whole thing could be a canard.
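
The IV-reuse comparison made in the comment above, as an added example that is not part of the thread and not taken from any SSH implementation: it encrypts two messages under the same key and IV in CTR and in CBC and reports what each pair of ciphertexts exposes. The block cipher is a constructed Feistel stand-in for AES so the code needs no third-party library; the key, IV, messages and all function names are assumptions made for the demonstration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes, the AES block size

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    # Constructed 4-round Feistel permutation standing in for AES (assumption:
    # only used so the demo needs no third-party library; not for real use).
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Keystream block n = E(key, 8-byte nonce || 8-byte counter n).
    return b"".join(
        xor(chunk, encrypt_block(key, nonce + n.to_bytes(8, "big")))
        for n, chunk in enumerate(blocks(plaintext)))

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Plaintext must be a multiple of BLOCK bytes (padding omitted here).
    out, prev = [], iv
    for chunk in blocks(plaintext):
        prev = encrypt_block(key, xor(chunk, prev))
        out.append(prev)
    return b"".join(out)

def reuse_leakage(key: bytes, iv: bytes, p1: bytes, p2: bytes):
    """What two ciphertexts made with the same key and IV expose."""
    # CTR: identical keystream cancels, leaving p1 XOR p2 in the clear.
    ctr_leak = xor(ctr_encrypt(key, iv[:8], p1), ctr_encrypt(key, iv[:8], p2))
    # CBC: ciphertext blocks match only while the plaintexts are identical.
    shared = 0
    for a, b in zip(blocks(cbc_encrypt(key, iv, p1)), blocks(cbc_encrypt(key, iv, p2))):
        if a != b:
            break
        shared += 1
    return ctr_leak, shared

# Constructed sample data: two messages with the same first block.
KEY, IV = b"constructed-demo-key", bytes(range(16))
P1 = b"user=alice;role=admin;exp=000001"
P2 = b"user=alice;role=guest;exp=000002"
```

Calling `reuse_leakage(KEY, IV, P1, P2)` returns the XOR of the two plaintexts for CTR and a shared-prefix count of 1 block for CBC, which is the asymmetry the comment describes.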
