User: Password:
Subscribe / Log in / New account

So how to protect myself ?

So how to protect myself ?

Posted Nov 20, 2008 10:28 UTC (Thu) by addw (guest, #1771)
Parent article: SSH plaintext recovery vulnerability

This is supposed to be easy, if I was paranoid would I add something like the following to /etc/ssh/sshd_config :

Ciphers aes128-ctr,aes192-ctr,aes256-ctr

What about things like: arcfour128,arcfour256,arcfour ?

(Log in to post comments)

So how to protect myself ?

Posted Nov 20, 2008 21:24 UTC (Thu) by jengelh (subscriber, #33263) [Link]

This is paranoia. Or just good sense. I have not yet come across an SSH implementation that does not do AES-256-CTR, and should I, I'd replace it with something that does. putty, openssh, you name it.

# grep Ciphers sshd_config
Ciphers aes256-ctr

So how to protect myself ?

Posted Nov 21, 2008 16:08 UTC (Fri) by drag (guest, #31333) [Link]

The AES 256 stuff is what I always use for internet connections.

What point is there in using anything else, really?

For my local Lan typically I'll disable compression and use arcfour.

So how to protect myself ?

Posted Nov 27, 2008 18:43 UTC (Thu) by mikachu (guest, #5333) [Link]

I'm even more paranoid; I assume -cbc is the default for a reason, what are its advantages over -ctr?

So how to protect myself ?

Posted Nov 27, 2008 22:44 UTC (Thu) by kasperd (guest, #11842) [Link]

AFAIK CBC is older and more widely supported than CTR. But CTR is not that complicated, so I'd expect all major implementations to support it.

Supposedly CTR is more secure (for reasons that may be completely unrelated to this vulnerability). But CTR is only more secure if your IV is generated properly. If you were for whatever reason going to reuse an IV, it would weaken CTR a lot more than it would to CBC. However since the symmetric keys are just session keys, such a vulnerability is highly unlikely to exist in ssh. The risk of improper use of IVs for CTR is more of an issue when you have long lived symmetric keys (storage encryption).

I am still not convinced that there even is a vulnerability in ssh. Given the information made available so far, the whole thing could be a canard.

So how to protect myself ?

Posted Nov 23, 2008 22:04 UTC (Sun) by djm (guest, #11651) [Link]

The arcfour* ciphers are not vulnerable - the attack works against CBC ciphers only. If you are using arcfour, then use arcfour256 instead - it is no slower and a but more secure.

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds