Anyone remember what the default is for OpenSSH (block or stream cipher type)?
UK security researchers have discovered hard-to-exploit cryptographic weaknesses in the Secure Shell (SSH) remote administration protocol. The shortcoming creates a potential means to recover the plain text of encrypted sessions, depending on remote access configurations. Potential attacks - which would take ninja-like hacking …
For openssh 3.9p1, 4.3p2 and 5.1p1 (the versions I have readily to hand) the default cipher would appear to be aes128-cbc. You can put a "Ciphers" stanza in your ~/.ssh/config to choose one of the stream ciphers -- see ssh_config(5). I've no idea what you do if you're using winders.
I expect there'll be a patch along shortly though.
The ninjas that can manage a man in the middle could possibly capture packets and decrypt them back to plain text. Which if they are lucky contains something nice to steal.
Sounds like a pretty limited flaw. I won't be going out of my way to fix it... I'll fix it by waiting for Debian to fix it for me ;-)
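The "Ciphers" setting mentioned in the thread can be checked against what the client will actually offer. The script below is an added example, not code from the thread or from OpenSSH: it reads the output of `ssh -G <host>` and lists any CBC-mode ciphers still in the preference list. The sample inputs and the CTR-only cipher list are constructed assumptions (CTR mode runs AES as a stream cipher).

```shell
#!/bin/sh
# Added example: flag CBC-mode ciphers in the effective client configuration.
# Input on stdin is the output of `ssh -G <host>` (OpenSSH 6.8 or later):
# one lowercase "keyword value" pair per line, with the comma-separated
# cipher preference list on the "ciphers" line.
#
# Stanza assumed for the corrected case, placed in ~/.ssh/config:
#   Host *
#       Ciphers aes128-ctr,aes192-ctr,aes256-ctr

# Print every CBC-mode cipher offered, one per line, in preference order.
cbc_ciphers() {
    awk '$1 == "ciphers" {
        n = split($2, c, ",")
        for (i = 1; i <= n; i++)
            if (c[i] ~ /-cbc(@|$)/) print c[i]
    }'
}

# Return 0 when no CBC cipher is offered, 1 otherwise.
audit() {
    found=$(cbc_ciphers)
    if [ -n "$found" ]; then
        echo "CBC-mode ciphers offered:"
        echo "$found" | sed 's/^/  /'
        return 1
    fi
    echo "no CBC-mode ciphers offered"
}

# Constructed samples of `ssh -G` output (not captured from a real host).
sample_weak() {
    printf '%s\n' 'hostname example.invalid' 'port 22' \
        'ciphers aes128-cbc,3des-cbc,aes128-ctr,rijndael-cbc@lysator.liu.se'
}
sample_fixed() {
    printf '%s\n' 'hostname example.invalid' 'port 22' \
        'ciphers aes128-ctr,aes192-ctr,aes256-ctr'
}

# Demo on the constructed samples; on a real client: ssh -G somehost | audit
sample_weak | audit || true
sample_fixed | audit
```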
OpenSSH 9 is here, with updates aimed at dealing with cryptographically challenging quantum computers.
The popular open-source SSH implementation aims to provide secure communication in potentially unsecure network environments. While version 9 is ostensibly focused on bug-fixing, there are some substantial changes lurking within that could catch the unwary, most notably, the switch from the legacy SCP/RCP protocol to SFTP by default.
The OpenSSH group warned the change was coming earlier this year, with a deprecation notice in February's version 8.9 release. Experimental support for transfers using the SFTP protocol as a replacement for the SCP/RCP protocol turned up in version 8.7 in August 2021 with the warning: "It is intended for SFTP to become the default transfer mode in the near future."
The OpenBSD Project has released version 7.1 of its eponymous OS for 13 different computer architectures, including Apple's M1 Macs.
OpenBSD is the security-focused member of the BSD family. Project leader Theo de Raadt co-founded the NetBSD project in 1993, but after disagreements with other core team members, he left and forked the NetBSD 1.0 codebase, releasing OpenBSD 1.2 in 1996. As a generalization, OpenBSD focuses on robustness and security, NetBSD focuses on supporting as many different platforms as possible, and FreeBSD focuses on providing a rich modern OS for the most popular platforms.
Version 7.1 is the 52nd release since then, in which time only two remote holes have been found in the default installation.