On Thu, 7 Feb 2002, Olaf Kirch wrote: > I understand the maths behind this, but I can't quite see a practical > attack. If the attacker wants to guess a plaintext block P_i > transmitted by the SSH client, he must feed his plaintext block > P_(i+1) to the ssh client on standard input, so that it is properly > encrypted and then transmitted. This implies a great deal of control > over the client process (such as the ability to write to the client's > standard input). > Maybe I'm dense, but I can't think of many scenarios where an attacker > can get this type of control. it is for the paranoid, however, i think its pretty easy to predict P_i based on the UNIX shell prompt, for example, or the /etc/motd banner. these strings haev a high degree of certainty of coming up, it would strike me, making this attack not as far fetched as i think you're seeing it. this is just my take on it, though, and i could be wrong. olaf, you're a far brighter guy at this than i am, so ... maybe i'm entirely off base. ____________________________ jose nazario joseat_private PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 12:57:48 PST