On Thu, 7 Feb 2002, Olaf Kirch wrote:

> I understand the maths behind this, but I can't quite see a practical
> attack. If the attacker wants to guess a plaintext block P_i
> transmitted by the SSH client, he must feed his plaintext block
> P_(i+1) to the ssh client on standard input, so that it is properly
> encrypted and then transmitted. This implies a great deal of control
> over the client process (such as the ability to write to the client's
> standard input).

> Maybe I'm dense, but I can't think of many scenarios where an attacker
> can get this type of control.

it is for the paranoid, however, i think its pretty easy to predict P_i
based on the UNIX shell prompt, for example, or the /etc/motd banner.
these strings haev a high degree of certainty of coming up, it would
strike me, making this attack not as far fetched as i think you're seeing
it.

this is just my take on it, though, and i could be wrong. olaf, you're a
far brighter guy at this than i am, so ... maybe i'm entirely off base.

____________________________
jose nazario josecwru.edu
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]