SSH man in the middle attack with Terrapin

From: alien@comet.invalid (Jan Panteltje)
Newsgroups: sci.crypt
Subject: SSH man in the middle attack with Terrapin
Date: Wed, 20 Dec 2023 04:53:29 GMT
Message-ID: <ults09$3o2l$1@solani.org>
 by: Jan Panteltje - Wed, 20 Dec 2023 04:53 UTC

SSH protects the world’s most sensitive networks.
It just got a lot weaker:
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

Re: SSH man in the middle attack with Terrapin

From: news@immibis.com (immibis)
Newsgroups: sci.crypt
Subject: Re: SSH man in the middle attack with Terrapin
Date: Wed, 20 Dec 2023 09:20:41 +0100
Organization: A noiseless patient Spider
Lines: 13
Message-ID: <ulu852$ftjk$1@dont-email.me>
References: <ults09$3o2l$1@solani.org>
 by: immibis - Wed, 20 Dec 2023 08:20 UTC

On 12/20/23 05:53, Jan Panteltje wrote:
> SSH protects the world’s most sensitive networks.
> It just got a lot weaker:
> https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

It's important to understand the scope of the attack - it allows full
MITM attackers to discard a certain number of messages from the
beginning of the connection. Not good, and should be fixed, but not
world-ending either.

The given example is that the attacker can drop the server's extension
list, so the client will think it doesn't support any extensions. None
of the currently registered extensions seem to be security-critical.
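
The following is an added example, not part of either post and not code from any SSH implementation: a simplified model of why a receiver can fail to notice messages discarded from the start of the protected stream, and of a hardened receiver that aborts instead. It assumes implicit packet counters that start at the first handshake message and feed the MAC; the message names, the key and the `strict` flag are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-session-key"                 # stands in for the negotiated keys
HANDSHAKE = ["KEXINIT", "KEX_REPLY", "NEWKEYS"]  # sent in the clear
PROTECTED = [b"EXT_INFO", b"SERVICE_ACCEPT"]     # sent after keys activate


def tag(seq, payload):
    """MAC over the implicit packet counter and the payload."""
    return hmac.new(KEY, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()


def run(strict, tampered):
    """Return the protected payloads the client accepts, or an abort reason."""
    # Sender side: the counter either keeps running or restarts at key activation.
    seq = 0 if strict else len(HANDSHAKE)
    wire = [(False, m) for m in HANDSHAKE]
    for payload in PROTECTED:
        wire.append((True, (payload, tag(seq, payload))))
        seq += 1
    if tampered:
        # One extra cleartext message shifts the client's counter by one ...
        wire.insert(len(HANDSHAKE) - 1, (False, "IGNORE"))
        # ... which hides the loss of the first protected message.
        del wire[len(HANDSHAKE) + 1]

    # Receiver side.
    rx_seq, accepted = 0, []
    for protected, item in wire:
        if not protected:
            if strict and item not in HANDSHAKE:
                return "abort: unexpected message during key exchange"
            rx_seq = 0 if (strict and item == "NEWKEYS") else rx_seq + 1
        else:
            payload, mac = item
            if not hmac.compare_digest(mac, tag(rx_seq, payload)):
                return "abort: MAC failure"
            accepted.append(payload)
            rx_seq += 1
    return accepted


if __name__ == "__main__":
    for strict in (False, True):
        for tampered in (False, True):
            print(f"strict={strict} tampered={tampered}: {run(strict, tampered)}")
```

In the non-strict, tampered run the client accepts the stream without ever seeing `EXT_INFO`, which matches the extension-list case described in the reply; the strict receiver aborts the connection instead.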

