Compression has some problematic interactions with encryption that OpenSSH seems to have handled far before anyone else (by having it off by default).

On Thursday, October 24, 2013, Darren Tucker wrote:
> On Thu, Oct 24, 2013 at 07:30:38PM -0400, Mark E. Lee wrote:
> > I'm a long time user of openssh and I was wondering if there is any work
> > towards supporting alternative compression methods in openssh like LZ4?
>
> not that I've heard of.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Thanks for the response, what kind of problematic interactions would occur (other than trying to compress seemingly random data)?

Regards,
Mark

On Fri, 2013-10-25 at 04:02 -0400, Dan Kaminsky wrote:
> Compression has some problematic interactions with encryption that
> OpenSSH seems to have handled far before anyone else (by having it off
> by default).
>
> On Thursday, October 24, 2013, Darren Tucker wrote:
> On Thu, Oct 24, 2013 at 07:30:38PM -0400, Mark E. Lee wrote:
> > I'm a long time user of openssh and I was wondering if there is any work
> > towards supporting alternative compression methods in openssh like LZ4?
>
> not that I've heard of.

--
Mark E. Lee <mark at markelee.com>

On 10/25/2013 03:23 PM, Mark E. Lee wrote:
> Thanks for the response, what kind of problematic interactions would
> occur (other than trying to compress seemingly random data)?

e.g. https://en.wikipedia.org/wiki/CRIME or similar attacks where the attacker can inject pre-defined cleartext into the channel and can then observe length changes in the ciphertext to derive the other (non-injected) contents of the cleartext.

--dkg
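
The length leak described in the last reply, measured with zlib on constructed data; this is an added illustration, not part of the thread and not OpenSSH code. The one-time-pad `encrypt` stand-in, the sample secret and all function names are assumptions made for the demo.

```python
import secrets
import zlib

# Constructed sample data: a secret the peer sends, unknown to the observer.
SECRET = b"session_token=7f3a9c0be4d2a1685c90"

# Constructed injections, all exactly as long as the secret.
MATCH = SECRET
OTHERS = [
    b"session_token=Qz8LmXw2RvTp5KyHn6Jb",
    b"session_token=0123456789abcdefghij",
    b"session_token=ZYXWVUTSRQPONMLKJIHG",
]


def encrypt(plaintext: bytes) -> bytes:
    """Stand-in for a length-preserving cipher (one-time pad, key discarded)."""
    pad = secrets.token_bytes(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, pad))


def wire_length(injected: bytes, compress: bool) -> int:
    """Ciphertext length an on-path observer sees for one message that carries
    the injected text and the secret in the same (optionally compressed) stream."""
    plaintext = injected + b"\n" + SECRET
    if compress:
        plaintext = zlib.compress(plaintext, 9)
    return len(encrypt(plaintext))


def length_signal(matching: bytes, others: list, compress: bool) -> int:
    """Bytes by which the matching injection is shorter on the wire than the
    closest non-matching one. 0 means length says nothing about the secret."""
    closest = min(wire_length(o, compress) for o in others)
    return closest - wire_length(matching, compress)


if __name__ == "__main__":
    for compress in (True, False):
        label = "compression on " if compress else "compression off"
        print(label, "match:", wire_length(MATCH, compress),
              "others:", [wire_length(o, compress) for o in OTHERS],
              "signal:", length_signal(MATCH, OTHERS, compress))
```

With compression on, the ciphertext bytes are random but the matching injection is visibly shorter; with compression off (the OpenSSH default mentioned at the top of the thread), every equal-length injection produces the same wire length.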