[Ach] OpenSSH ETM implementation error

Aaron Zauner azet at azet.org
Tue Jun 21 22:52:08 CEST 2016

> On 21 Jun 2016, at 22:18, Alexander Wuerstlein <arw at cs.fau.de> wrote:
> On 2016-06-21T09:18, Aaron Zauner <azet at azet.org> wrote:
>>> On 21 Jun 2016, at 14:55, Aaron Zauner <azet at azet.org> wrote:
>>> Hi,
>>> Our recommendations go with EtM in OpenSSH, Kenny Paterson published this slide deck recently: http://www.turing-gateway.cam.ac.uk/documents/tgmw35/Kenny%20Paterson.pdf
>>> They identify a CBC timing oracle (not much used anymore) but more importantly: they identify a error in the generic Encrypt-then-Mac implementation in OpenSSH which is used quite a lot. I'm not aware of upstream patches.
>> Follow-up: https://twitter.com/kennyog/status/745153366699827205
> Is there any more specific description of the problem? Somehow I can't
> really make sense of the slides regarding EtM problems, there are
> references to papers, e.g. on slide 56, but I can't even find the paper.
> Let alone make sense of the slides.

I believe this paper is yet to be published.

The slides pretty much tell what the problem here is but apparently they could not actively exploit it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20160622/683930dd/attachment.sig>

More information about the Ach mailing list