Skip Navigation

Linux @lemmy.ml

Karna @lemmy.ml

1y ago

SSH protects the world’s most sensitive networks. It just got a lot weaker

arstechnica.com SSH protects the world’s most sensitive networks. It just got a lot weaker

Novel Terrapin attack uses prefix truncation to downgrade the security of SSH channels.

SSH protects the world’s most sensitive networks. It just got a lot weaker

Technology @lemmy.ml

ruplicant @sh.itjust.works

1y ago

SSH protects the world’s most sensitive networks. It just got a lot weaker | ArsTechnica

arstechnica.com /security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

59 11

Technology @lemmy.world

Eager Eagle @lemmy.world

1y ago

SSH protects the world’s most sensitive networks. It just got a lot weaker

arstechnica.com /security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

97 26

Hacker News @derp.foo

haxor @derp.foo

1y ago

SSH protects the most sensitive networks. It just got a lot weaker

arstechnica.com /security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/

3 1

You're viewing a single thread.

31 comments

ChaCha20-Poly1305 and CBC with Encrypt-then-MAC ciphers are vulnerable to a MITM attack.
Saved you a click.
- Why use CBC too? Cha-Cha20-Poly1305 is an AEAD, so both an assymetric plus a symmetric stream cipher.
  
  Just checked my own sshd configs and I don't use CBC in them. I've based the kex/cipher/Mac configs off of cipherlist.eu and the mozilla docs current standards. Guess it pays to never use default configs for sshd if it's ever exposed to the Internet.
  Edit: I read it wrong. It's chacha20 OR CBC. I rely heavily on the former with none of the latter.
  
  Ah thanks! Didn't catch that.
- I thought most SSH servers default to some AES-based cypher like most other programs. Is that not the case?

31 comments