Re: [SECURITY] [DSA 1571-1] vulnerability of past SSH/SSL sessions
On Wed, 14 May 2008, Micah Anderson wrote:
> authenticity of the server. In other words, ssh sessions are not
> compromised just because an adversary has the host keys (unless a MITM
> is setup, in which case you need bot the host key and the authentication
> key to perform a mitm attack).
Ok. But I do have one doubt: does the RNG bug affect SSH session IV
generation?
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: