
Bug#788783: openssh-client: uses MD5 for key fingerprints



On Wed, Jun 17, 2015 at 12:01:09PM +0100, Mark Wooding wrote:
> This is great, only collisions won't help you (much).

And then thinking about it more, we hit the problem that we do need a
fixed hash value (and therefore a second preimage attack), because the
chosen-prefix attacks modify both messages, not just one, so unless we
can convince the server to send a bogus key, we couldn't exploit it even
if OpenSSH did accept extra MPIs (which I thought it did because I
missed the code check and then messed up my Perl one-liner (parentheses,
I tell you!)).

I don't know where my brain has been these past few days.  Apologies for
the false alarm.
-- 
brian m. carlson
Release Marshal / cPanel, Inc.
c: +1 (832) 623-2791 / w: +1 (713) 529-0800 x4068
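
As an added illustration, not part of the bug report, of OpenSSH, or of the author's own tooling, the following Python builds an ssh-rsa public-key blob in the RFC 4253 wire format, computes fingerprints over the blob in the two forms OpenSSH prints (legacy MD5 colon-hex and SHA256 unpadded base64), and shows why the "extra MPIs" idea in the message above does not give an attack: a strict parser modelled on the check the message says OpenSSH has rejects trailing data, and even a lenient parser that tolerated it would produce a different fingerprint, so an attacker still needs a second preimage of the server's fixed fingerprint rather than a collision. The key integers are constructed toy values, not real RSA parameters, and `parse_rsa_blob_lenient` is a hypothetical helper included only for contrast.

```python
import base64
import hashlib
import struct

# Constructed toy key material: these are NOT real RSA parameters, just
# integers large enough to exercise the mpint encoding (including the
# leading-zero rule for values whose top bit is set).
TOY_E = 65537
TOY_N = 0xC0FFEE0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer: two's complement, so a
    leading 0x00 is added when the top bit of the magnitude is set."""
    if n == 0:
        return ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def build_rsa_blob(e: int, n: int) -> bytes:
    """Wire-format ssh-rsa public key: string "ssh-rsa", mpint e, mpint n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def _read_fields(blob: bytes):
    """Return (e, n, bytes_consumed); shared by the strict and lenient parsers."""
    off = 0

    def read_string() -> bytes:
        nonlocal off
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated string")
        value = blob[off:off + length]
        off += length
        return value

    if read_string() != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    e = int.from_bytes(read_string(), "big")
    n = int.from_bytes(read_string(), "big")
    return e, n, off


def parse_rsa_blob_strict(blob: bytes):
    """Modelled on the check the message refers to: bytes after n are an error."""
    e, n, consumed = _read_fields(blob)
    if consumed != len(blob):
        raise ValueError("trailing data after key")
    return e, n


def parse_rsa_blob_lenient(blob: bytes):
    """Hypothetical lenient parser that ignores trailing data (contrast only)."""
    e, n, _ = _read_fields(blob)
    return e, n


def fingerprint_md5(blob: bytes) -> str:
    """Legacy OpenSSH form: MD5:xx:xx:...:xx over the raw key blob."""
    return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def fingerprint_sha256(blob: bytes) -> str:
    """Modern OpenSSH form: SHA256:<unpadded base64 of sha256(blob)>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def blob_from_pubkey_line(line: str) -> bytes:
    """Extract the blob from an authorized_keys / known_hosts style line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64-blob> [comment]'")
    return base64.b64decode(fields[1], validate=True)


if __name__ == "__main__":
    blob = build_rsa_blob(TOY_E, TOY_N)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " toy@example"
    assert blob_from_pubkey_line(line) == blob
    print(fingerprint_md5(blob))
    print(fingerprint_sha256(blob))

    # Append an extra mpint: the strict parser refuses it, the lenient one
    # still sees the same (e, n), but the fingerprint changes either way.
    padded = blob + ssh_mpint(0xDEADBEEF)
    print("lenient parse unchanged:", parse_rsa_blob_lenient(padded) == (TOY_E, TOY_N))
    try:
        parse_rsa_blob_strict(padded)
    except ValueError as err:
        print("strict parse:", err)
    print("fingerprints differ:", fingerprint_md5(blob) != fingerprint_md5(padded))
```

The fingerprint functions hash exactly the base64-decoded blob, which is what `ssh-keygen -l` does; to check the MD5 form against a real key, decode the second field of a public-key line with `blob_from_pubkey_line` and compare with `ssh-keygen -l -E md5`.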

