Displaying 20 results from an estimated 34 matches for "ciphertext".
2023 Mar 26
1
[Bug 3553] New: PROTOCOL.key format specification is incorrect for encryption using AEAD transports
...s256-gcm at openssh.com` when a user
provides a passphrase during export of an SSH private key).
`PROTOCOL.key` specifies that the encrypted list of private keys is
encoded as a `string` (u32 length followed by that many bytes). A plain
reading of this specification is that this field contains the
ciphertext for whatever encryption scheme is being used (so for the
`none` scheme it is just the encoded plaintext, for `aes256-cbc` it is
the AES256-CBC-encrypted ciphertext, and so on).
However, when an AEAD is used, `ssh-keygen` does not encode the full
AEAD ciphertext in the `string` field. Instead, the...
2013 Oct 25
1
LZ4 compression in openssh
I see.
From reading that wikipedia article, I'm wondering what gets compressed
when compression is enabled in openssh. Is it the ciphertext or the
cleartext?
Regards,
Mark
On Fri, 2013-10-25 at 15:47 -0400, Daniel Kahn Gillmor wrote:
> On 10/25/2013 03:23 PM, Mark E. Lee wrote:
> > Thanks for the response, what kind of problematic interactions would
> > occur (other than trying to compress seemingly random data)?
>...
2009 Oct 30
30
Truncating SHA2 hashes vs shortening a MAC for ZFS Crypto
For the encryption functionality in the ZFS filesystem we use AES in CCM
or GCM mode at the block level to provide confidentiality and
authentication. There is also a SHA256 checksum per block (of the
ciphertext) that forms a Merkle tree of all the blocks in the pool.
Note that I have to store the full IV in the block. A block here is a
ZFS block which is any power of two from 512 bytes to 128k (the default).
The SHA256 checksums are used even for blocks in the pool that aren't
encrypted and...
2019 Oct 17
0
Using Clevis/Tang (NBDE) to automatically decrypt volumes from within libguestfs
...e disk:
Clevis token ID, not keyslot
|
V
# cryptsetup token export --token-id 0 /dev/sda2
{"type":"clevis","keyslots":["1"],"jwe":{"ciphertext":<....>,"encrypted_key":"","iv":<....>,"protected":<....>}}
We then use the JOSE tool to extract the "jwe" field alone. I'm not
clear if JOSE is necessary here, or we could use any other JSON tool.
From casual inspec...
2003 Mar 21
0
FreeBSD Security Advisory FreeBSD-SA-03:06.openssl
...extension of the "Bleichenbacher attack" on
RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0.
Their attack requires the attacker to open millions of SSL/TLS
connections to the server under attack; the server's behaviour
when faced with specially made-up RSA ciphertexts can reveal
information that in effect allows the attacker to perform a single
RSA private key operation on a ciphertext of its choice using the
server's RSA key. Note that the server's RSA key is not
compromised in this attack.
III. Impact
RSA timing attack:
An RSA pr...
2009 Feb 26
11
OpenSSL::Cipher decrypt returns 'wrong final block length'
I just want to encrypt a string submitted through a form before saving
it to the DB. And then decrypt it again when I need to retrieve and
use it.
I'm trying to use the OpenSSL::Cipher library. I have the following
module for encryption/decryption
[code]
require 'openssl'
module AESCrypt
# Decrypts a block of data (encrypted_data) given an encryption key
# and an
1997 Dec 05
2
No subject
...ailable Cygnus Solutions
(http://www.cygnus.com/product/kerbnet-index.html) although ITAR
restrictions may preclude its use in Portugal.
The thing to keep in mind in password synchronization is that UNIX passwords
and NT (not LanMan) passwords cannot be decrypted from their respective
one-way hash ciphertexts. That is, you *cannot* convert through some function
F:
NT MD4 Hash = F(UNIX salted modified DES one-way hash); Not possible!
or
UNIX salted modified DES one-way hash = F(NT MD4 Hash); Not possible!
[NOTE: You could probably brute-force the weaker LanMan passwords stored in
the SAM back to pl...
2013 Oct 28
1
LZ4 compression in openssh
...blematic interactions
>> would occur (other than trying to compress seemingly random
>> data)?
>
> e.g. https://en.wikipedia.org/wiki/CRIME or similar attacks where
> the attacker can inject pre-defined cleartext into the channel and
> can then observe length changes in the ciphertext to derive the
> other (non-injected) contents of the cleartext.
>
> --dkg
>
>
>
> _______________________________________________ openssh-unix-dev
> mailing list openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
2020 Jun 16
0
[PATCH 5.4 088/134] crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
...st_data_len=17 in this
case and get a wrong result at the end.
SRC: pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp (17 bytes)
EXP: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc pp (17 bytes)
DST: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 00 (pollute the last bytes)
(pp: plaintext cc:ciphertext)
Fix this issue by limiting the length of the dest buffer.
Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Cc: Gonglei <arei.gonglei at huawei.com>
Cc: Herbert Xu <herbert at gondor.apana.org.au>
Cc: "Michael S. Tsirkin" <mst at redhat.com>
Cc: Jason Wang &...
2020 Jun 16
0
[PATCH 5.7 093/163] crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
...st_data_len=17 in this
case and get a wrong result at the end.
SRC: pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp (17 bytes)
EXP: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc pp (17 bytes)
DST: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 00 (pollute the last bytes)
(pp: plaintext cc:ciphertext)
Fix this issue by limiting the length of the dest buffer.
Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Cc: Gonglei <arei.gonglei at huawei.com>
Cc: Herbert Xu <herbert at gondor.apana.org.au>
Cc: "Michael S. Tsirkin" <mst at redhat.com>
Cc: Jason Wang &...
2020 Jun 16
0
[PATCH 5.6 098/161] crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
...st_data_len=17 in this
case and get a wrong result at the end.
SRC: pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp (17 bytes)
EXP: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc pp (17 bytes)
DST: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 00 (pollute the last bytes)
(pp: plaintext cc:ciphertext)
Fix this issue by limiting the length of the dest buffer.
Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Cc: Gonglei <arei.gonglei at huawei.com>
Cc: Herbert Xu <herbert at gondor.apana.org.au>
Cc: "Michael S. Tsirkin" <mst at redhat.com>
Cc: Jason Wang &...
2020 Jun 19
0
[PATCH 4.14 051/190] crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
...st_data_len=17 in this
case and get a wrong result at the end.
SRC: pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp (17 bytes)
EXP: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc pp (17 bytes)
DST: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 00 (pollute the last bytes)
(pp: plaintext cc:ciphertext)
Fix this issue by limiting the length of the dest buffer.
Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Cc: Gonglei <arei.gonglei at huawei.com>
Cc: Herbert Xu <herbert at gondor.apana.org.au>
Cc: "Michael S. Tsirkin" <mst at redhat.com>
Cc: Jason Wang &...
2020 Jun 19
0
[PATCH 4.19 066/267] crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
...st_data_len=17 in this
case and get a wrong result at the end.
SRC: pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp (17 bytes)
EXP: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc pp (17 bytes)
DST: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 00 (pollute the last bytes)
(pp: plaintext cc:ciphertext)
Fix this issue by limiting the length of the dest buffer.
Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Cc: Gonglei <arei.gonglei at huawei.com>
Cc: Herbert Xu <herbert at gondor.apana.org.au>
Cc: "Michael S. Tsirkin" <mst at redhat.com>
Cc: Jason Wang &...
2002 Dec 21
0
[Announce]Libgcrypt 1.1.11 released
...ovide MD5 checksums.
A patch file against the previous version is also available (60k),
please ignore a possible patch error related to the w32-dll directory.
News since 1.1.10:
* Does not export internal symbols anymore
(currently only for GNU systems)
* New algorithm: MD4
* Implemented ciphertext stealing.
* Smaller bugs fixes and a few new OIDs.
* Interface changes relative to the 1.1.8 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_cipher_cts NEW
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Merry Christmas and a happy New Year,
Werner...
2008 Nov 18
0
Alleged OpenSSH vulnerability
Hi,
There is an alleged OpenSSH vulnerability, see http://www.cpni.gov.uk/Products/alerts/3718.aspx. According to this vulnerability an attacker can potentially recover 32 bits of plaintext from an arbitrary block of ciphertext.
After having read the vulnerability note in more detail, my understanding is that the 32 bits of plaintext do not come from the exchange between the client and server of the attacked connection, but comes from random data inserted into the connection by the attacker. This means that no cleartext d...
2013 Oct 25
2
LZ4 compression in openssh
Compression has some problematic interactions with encryption that OpenSSH
seems to have handled far before anyone else (by having it off by default).
On Thursday, October 24, 2013, Darren Tucker wrote:
> On Thu, Oct 24, 2013 at 07:30:38PM -0400, Mark E. Lee wrote:
> > I'm a long time user of openssh and I was wondering if there is any work
> > towards supporting alternative
1998 May 30
9
"Flavors of Security Through Obscurity"
...re
variable and depend on the key. Another very interesting
possibility would have the key express the encryption method. In
other words consider the key as the program, and the cipher
simply as an interpreter, that follows the key's instructions to
scramble the plaintext or unscramble the ciphertext. This would
call for large keys, but not larger than keys used in public key
encryption.
c) "Variable" ciphers.
The idea here is to implement a cipher that incorporates a huge
number of different encryption functions. The objective is to
overwhelm the analytic capability of an attacker....
2011 Mar 07
0
Fwd: STARTTLS bug - background story
...the
switch to TLS, it should discard the contents of the input buffer,
just like it discards SMTP protocol information that it received
during the plaintext protocol phase.
Conclusion
==========
This plaintext injection problem is likely to recur when some
development moves the plaintext-to-ciphertext switch outside the
application: for example, into the kernel, into the local hardware,
into a proxy, or into other infrastructure. This encourages
applications to use the same application-level streams and buffers
and read/write functions before and after the switch to ciphertext.
When this migrat...
2020 Jun 15
0
Patch "crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()" has been added to the 5.7-stable tree
...st_data_len=17 in this
case and get a wrong result at the end.
SRC: pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp (17 bytes)
EXP: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc pp (17 bytes)
DST: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 00 (pollute the last bytes)
(pp: plaintext cc:ciphertext)
Fix this issue by limiting the length of the dest buffer.
Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Cc: Gonglei <arei.gonglei at huawei.com>
Cc: Herbert Xu <herbert at gondor.apana.org.au>
Cc: "Michael S. Tsirkin" <mst at redhat.com>
Cc: Jason Wang &...
2020 Jun 15
0
Patch "crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()" has been added to the 5.6-stable tree
...st_data_len=17 in this
case and get a wrong result at the end.
SRC: pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp pp (17 bytes)
EXP: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc pp (17 bytes)
DST: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 00 (pollute the last bytes)
(pp: plaintext cc:ciphertext)
Fix this issue by limiting the length of the dest buffer.
Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver")
Cc: Gonglei <arei.gonglei at huawei.com>
Cc: Herbert Xu <herbert at gondor.apana.org.au>
Cc: "Michael S. Tsirkin" <mst at redhat.com>
Cc: Jason Wang &...