Displaying 3 results from an estimated 3 matches for "vulnerability_advisory_ssh".
2015 Jun 15
5
OpenSSH and CBC
...is a vulnerability with ALL CBC
mode ciphers.
The OpenSSH team also suggests a mitigation in which the CTR mode
ciphers "may be preferentially selected" first in the ssh[d]_config files:
Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
https://packetstormsecurity.com/files/72061/Vulnerability_Advisory_SSH.txt.html
http://www.cs.washington.edu/homes/yoshi/papers/TISSEC04/
https://homes.cs.washington.edu/~yoshi/papers/TISSEC04/ssh-acmccs.pdf
http://isg.rhul.ac.uk/~kp/SandPfinal.pdf
https://lwn.net/Articles/307873/
http://www....
2008 Nov 21
0
OpenSSH security advisory: cbc.adv
...es128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
A future version of OpenSSH may make CTR mode ciphers the default and/or
implement other countermeasures, but at present we do not feel that this
issue is serious enough to make an emergency release.
-d
[1] http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
[2] http://www.cs.washington.edu/homes/yoshi/papers/TISSEC04/
2008 Nov 21
3
OpenSSH security advisory: cbc.adv
...es128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc
A future version of OpenSSH may make CTR mode ciphers the default and/or
implement other countermeasures, but at present we do not feel that this
issue is serious enough to make an emergency release.
-d
[1] http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
[2] http://www.cs.washington.edu/homes/yoshi/papers/TISSEC04/