
x/crypto/ssh: legacy cipher should implement padding oracle countermeasures #10756

Closed
hanwen opened this issue May 8, 2015 · 2 comments

@hanwen
Contributor

hanwen commented May 8, 2015

It's probably worth implementing similar padding oracle countermeasures to OpenSSH. When OpenSSH detects a MAC failure, invalid packet length or invalid padding length for a CBC cipher, it keeps reading for an entire maximally-sized packet (less whatever has been read for the packet already). This deprives an attacker of feedback for guesses against the packet length given by the connection dropping.
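The drain-on-failure behaviour described in this comment, as an added illustration in Go that is not the x/crypto/ssh code or the 9fb97e8 fix: the packet layout, the constants and the HMAC key are constructed for the example. Whatever check fails (length, padding length or MAC), the reader first consumes the remainder of a maximally sized packet, less what it has already read, and then returns one and the same error.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"io"
)

// Sizes chosen for this example (not x/crypto/ssh's): bytes to drain before any failure
// is reported, cipher block size the packet length must align to, and MAC length.
const maxPacket, blockSize, macSize = 35000, 16, sha256.Size

var macKey = []byte("constructed-example-mac-key") // constructed key, illustration only
var errCorrupt = errors.New("ssh: corrupt packet") // one error for every failure mode

// readPacket reads one packet laid out as length || padding_len || payload || padding || mac.
// Bad length, bad padding and bad MAC all yield the same error, and only after the rest of a
// maximally sized packet has been drained, so the peer cannot tell which check failed.
func readPacket(r io.Reader) ([]byte, error) {
	consumed := 0
	fail := func() ([]byte, error) {
		io.CopyN(io.Discard, r, int64(maxPacket-consumed)) // keep reading; EOF is fine
		return nil, errCorrupt
	}
	var hdr [5]byte
	n, err := io.ReadFull(r, hdr[:])
	consumed += n
	if err != nil {
		return nil, err
	}
	length, padLen := binary.BigEndian.Uint32(hdr[:4]), uint32(hdr[4])
	if length > maxPacket-4-macSize || padLen < 4 || padLen+1 > length || (length+4)%blockSize != 0 {
		return fail()
	}
	rest := make([]byte, length-1+macSize) // payload || padding || mac
	n, err = io.ReadFull(r, rest)
	consumed += n
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, macKey)
	mac.Write(hdr[:])
	mac.Write(rest[:length-1])
	if !hmac.Equal(mac.Sum(nil), rest[length-1:]) {
		return fail()
	}
	return rest[:length-1-padLen], nil
}
```

Whether the failure is detected after 5 bytes (bad length) or after the whole packet (bad MAC), exactly maxPacket bytes have been consumed by the time the caller sees the error.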

@ianlancetaylor ianlancetaylor added this to the Unreleased milestone Jun 3, 2015
@hanwen
Contributor Author

hanwen commented Jul 30, 2015

fixed in 9fb97e8

@hanwen hanwen closed this as completed Jul 30, 2015
@golang golang locked and limited conversation to collaborators Aug 5, 2016