Berkeley CSUA MOTD:Entry 23806
2002/2/7-8 [Computer/SW/Security] UID:23806 Activity:high
2/7     An attack on the SSHv2 Protocol (for those who don't follow
        sci.crypt):
        http://groups.google.com/groups?hl=en&group=sci.crypt&selm=MPG.16cb6c26ff1c3931989687%40chicago.usenetserver.com
        \_ The thing about all these newer 'attacks' is they all require the
           man in the middle to have all sorts of access you can't expect a
           typical hacker to get.  Anyone who has the warrant or the skill to
           insert themselves into my ssh2 datastream will probably find it
           easier to hack straight into the server or just get a warrant to
           put a van outside my building and 'listen in' on my keyboard and
           monitor through the walls.  I'm not losing sleep over this one.
           \_ Yes it is theoretical, but the point is that it could be more
              secure. IPSec for example does not have the problem.
Cache (1982 bytes)
groups.google.com/groups?hl=en&group=sci.crypt&selm=MPG.16cb6c26ff1c3931989687%40chicago.usenetserver.com

Similarly, CBC mode is not secure if the attacker can observe the last ciphertext block before choosing the next block of plaintext, because the last block of ciphertext essentially serves as the IV for the rest of the message. Remember that in CBC mode, each plaintext block is XOR'ed with the last ciphertext block and then encrypted to produce the next ciphertext block. Suppose the attacker suspects that plaintext block P_i might be x, and wants to test whether that's the case; he would choose the next plaintext block P_j to be x XOR C_(i-1) XOR C_(j-1). If his guess is correct, then C_j = Encrypt(P_j XOR C_(j-1)) = Encrypt(P_i XOR C_(i-1)) = C_i, and so he can confirm his guess by looking at whether C_j = C_i.

The SSH2 protocol, when used with a block cipher in CBC mode, does allow the attacker to observe the last ciphertext block of a packet, which is then used as the (implicit) IV of the next packet. SSH2 also multiplexes multiple channels into one transport stream encrypted with a single key. This gives the attacker who can input data into one channel a chance to attack other channels.

For example, the first 4 bytes of the plaintext of any packet consist of the packet length. Assuming that the SSH2 application has a maximum packet size of 2^16, the attacker is constrained to choosing a plaintext block that begins with two zero octets. This implies that the attacker would have to wait at least 2^16 packets on average before he has a chance to perform this attack. However, even with this and other potential constraints it seems very possible for the attacker to succeed in some situations.

The simplest way to do this would be to deprecate the CBC mode block ciphers, and instead specify ciphers in CFB, CTR or OFB mode. Currently, the only cipher defined in the SSH2 transport protocol draft that is not a block cipher in CBC mode is ARC4. Until this fix is implemented, users of SSH2 applications may want to consider switching to ARC4 for encryption.
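The equality check in the cached post, modelled as an added example (not code from the post, the MOTD, or any SSH implementation). The block cipher is a constructed 4-round Feistel permutation standing in for the real cipher; the key, IV and plaintext blocks are constructed sample values, and the chaining state is shared across "packets" the way the post describes for SSH2.

```python
import hashlib

BLOCK = 8  # constructed toy block size; the chaining argument is size-independent


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed 4-round Feistel permutation (a stand-in for a real block
    cipher). Being a permutation, distinct inputs always give distinct outputs,
    which is what makes the C_j == C_i comparison below an exact test."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right


class CbcStream:
    """CBC state that chains across packets: the last ciphertext block C_(j-1)
    is the implicit IV of the next block, as the post describes for SSH2.
    self.c[0] is C_0 (the initial IV); self.c[k] is C_k as seen on the wire."""

    def __init__(self, key: bytes, iv: bytes):
        self.key = key
        self.c = [iv]

    def send(self, p: bytes) -> bytes:
        c = block_encrypt(self.key, xor(p, self.c[-1]))
        self.c.append(c)
        return c


def confirm_guess(stream: CbcStream, i: int, guess: bytes) -> bool:
    """The post's test: with only the wire ciphertext and the ability to inject
    one plaintext block, submit P_j = guess XOR C_(i-1) XOR C_(j-1) and check
    whether C_j == C_i. True exactly when P_i == guess."""
    p_j = xor(xor(guess, stream.c[i - 1]), stream.c[-1])
    c_j = stream.send(p_j)
    return c_j == stream.c[i]


def demo() -> tuple:
    """Returns (correct guess confirmed, wrong guess rejected)."""
    s = CbcStream(b"constructed-key", iv=bytes(BLOCK))
    for p in (b"GET /foo", b"hunter2!"):  # constructed packets; P_2 is the secret
        s.send(p)
    return confirm_guess(s, 2, b"hunter2!"), confirm_guess(s, 2, b"hunter3!")
```

In CTR, OFB or CFB mode the attacker's chosen block is never fed directly into the block cipher, so this comparison yields nothing, which is the reason the post recommends those modes (or ARC4) over CBC.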