Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 2000-01

FreeBSD Security Archives: OpenSSH protocol 1.6 proposal

OpenSSH protocol 1.6 proposal

Subject: OpenSSH protocol 1.6 proposal
From: Brian Fundakowski Feldman (greenFreeBSD.org)
Date: Sat Jan 01 2000 - 12:49:22 CST

Next message: Keith Stevenson: "Re: OpenSSH protocol 1.6 proposal"
Previous message: Warner Losh: "Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd)"
Next in thread: Keith Stevenson: "Re: OpenSSH protocol 1.6 proposal"
Reply: Keith Stevenson: "Re: OpenSSH protocol 1.6 proposal"
Reply: Dug Song: "Re: OpenSSH protocol 1.6 proposal"
Reply: Dan Moschuk: "Re: OpenSSH protocol 1.6 proposal"
Reply: Michael Robinson: "Re: OpenSSH protocol 1.6 proposal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've been thinking what the best way to make OpenSSH more secure would be,
and now it seems to be a change in the protocol. What change? Well,
SSH version 1.5 and below (all versions so far) have been vulnerable to
attacks based upon properties of the highly insecure CRC32 hash used.
In my version 1.6, whose clients and servers are completely backward-
compatible, the insecure CRC method is replaced with a SHA-1 cryptographic
hash; in addition, even more security is afforded because the hash is
sent per packet using total collective data output from that side's
transmission. This should effectively negate any chances of e.g. playback
attacks, even if the malicious intercepter does manage to fool the
network stack into accepting his packets.
Thanks to peter and dan for the help they gave me for this. The
port-relative patch for this is located at:

http://www.FreeBSD.org/~green/openssh.SHA-1.patch
MD5 (public_html/openssh.SHA-1.patch) = e21a896f59474a31ab3b9103acf44c35

Let me know what you all think! I still haven't quite decided, but I
think packets which fail the SHA-1 test should be silently dropped, or
have a counter of them, rather than dropping the connection. Currently,
the connection is dropped and error messages displayed/transmitted. I
welcome input on that and all parts of this proposal :)

P.S.: I realize other people may have proposed something very similar.
        Indeed, markus's proposal may be something like this. However,
        since it's impossible to work with anyone who is Theo, or
        "under" Theo, it's unrealistic to work with that. Hence the
        reason we need to make a code fork of OpenSSH as soon as
        convenient.

-- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green

FreeBSD.org `------------------------------'

To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message

Next message: Keith Stevenson: "Re: OpenSSH protocol 1.6 proposal"
Previous message: Warner Losh: "Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd)"
Next in thread: Keith Stevenson: "Re: OpenSSH protocol 1.6 proposal"
Reply: Keith Stevenson: "Re: OpenSSH protocol 1.6 proposal"
Reply: Dug Song: "Re: OpenSSH protocol 1.6 proposal"
Reply: Dan Moschuk: "Re: OpenSSH protocol 1.6 proposal"
Reply: Michael Robinson: "Re: OpenSSH protocol 1.6 proposal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Sat Jan 01 2000 - 12:51:10 CST