OpenSSH chink bares encrypted data packets
May 19, 2009, 18:02
(Other stories by Dan Goodin)
"All programs that incorporate the OpenSSH implementation of
SSH, short for Secure Shell, should make sure they use version 5.2,
which provides several countermeasures to prevent the attacks.
Other SSH implementations may be vulnerable as well, the
researchers from the Information Security Group at the University
of London's Royal Holloway said.
"The attack exploits subtle differences in the way SSH software
reacts when encountering errors during cryptographic processing. By
directing specially manipulated packets at the application, an
attacker has a one in 262,144 chance of recovering 32 bits of
plaintext from an arbitrary chunk of ciphertext."