Bug#788783: openssh-client: uses MD5 for key fingerprints
On Wed, Jun 17, 2015 at 12:01:09PM +0100, Mark Wooding wrote:
> This is great, only collisions won't help you (much).
And then thinking about it more, we hit the problem that we do need a
fixed hash value (and therefore a second preimage attack), because the
chosen-prefix attacks modify both messages, not just one, so unless we
can convince the server to send a bogus key, we couldn't exploit it even
if OpenSSH did accept extra MPIs (which I thought it did because I
missed the code check and then messed up my Perl one-liner (parentheses,
I tell you!)).
I don't know where my brain has been these past few days. Apologies for
the false alarm.
--
brian m. carlson
Release Marshal / cPanel, Inc.
c: +1 (832) 623-2791 / w: +1 (713) 529-0800 x4068
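For reference on what the bug title is about, here is an added example (not part of this thread, nor OpenSSH's code) that parses an authorized_keys-style line and computes both the legacy colon-hex MD5 fingerprint and the SHA256 fingerprint that later OpenSSH releases display, after checking that the type string embedded in the key blob matches the declared type. The ed25519 key bytes are a constructed placeholder, not a real key.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one OpenSSH wire-format string (4-byte big-endian length + bytes)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample key for the example only: an ssh-ed25519 blob is the
# type string followed by the 32-byte public key, both length-prefixed.
SAMPLE_RAW_KEY = bytes(range(32))  # placeholder, not a real key
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(SAMPLE_RAW_KEY)
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " user@example"


def parse_pubkey_line(line: str) -> tuple[str, bytes]:
    """Return (key type, raw blob) from a '<type> <base64> [comment]' line.

    The first wire-format string inside the blob must equal the declared
    type; a mismatch or a truncated length field is rejected.
    """
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    ktype, blob = parts[0], base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n > len(blob) - 4:
        raise ValueError("truncated blob")
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("declared key type does not match blob")
    return ktype, blob


def fingerprint_md5(blob: bytes) -> str:
    """Legacy OpenSSH format: 16 colon-separated hex bytes of MD5(blob)."""
    h = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(h[i:i + 2] for i in range(0, 32, 2))


def fingerprint_sha256(blob: bytes) -> str:
    """Modern OpenSSH format: base64 of SHA256(blob) without '=' padding."""
    h = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(h).decode().rstrip("=")


if __name__ == "__main__":
    ktype, blob = parse_pubkey_line(SAMPLE_LINE)
    print(ktype, fingerprint_md5(blob), fingerprint_sha256(blob))
```

The SHA256 form is what `ssh-keygen -l -E sha256` prints for the same key; comparing that form out of band is the check that avoids relying on MD5.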