Good day. Just came across the following list in the oss-security list: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
People are saying that this vulnerability was tested for Debian's ;)) OpenSSH 4.7p1, but they generally believe that any RFC-compliant implementation should have this if CBC mode is used. The advisory says that CTR mode is safe, but I see that at least for FreeBSD's OpenSSH (OpenSSH_5.1p1) still uses various ciphers in the CBC mode as the preferential ones. Perhaps we should just change the default ciphersuites order? So, it is interesting what OpenSSH developers can tell about this: I had seen no words about this at http://openssh.org/security.html and relese notes, so if you can -- please, comment on this. Thanks! -- Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook {_.-``-' {_/ #
pgpy3c7r3BhqK.pgp
Description: PGP signature
