 |
|
| FriendFeed is the easiest way to share online. Learn more » |
LANjackal to LANjackal's feed, TheNextWeb Forum, Coming Up NOW
Flaw in encryption armor discovered | Security - CNET News - http://news.cnet.com/8301-10...
May 19
from Bookmarklet
- Comment
- Like
- Share
Paul Buchheit, Mitchell Tsai, Bluesun 2600 and 4 other people liked this
The flaw, which lies in version 4.7 of OpenSSH on Debian/GNU Linux, allows 32 bits of encrypted text to be rendered in plaintext, according to a research team from the Royal Holloway Information Security Group (ISG).
- LANjackal
from Bookmarklet
Ok, too bad the latest edition of OpenSSH is version 5.2. "Patterson said his group had worked with OpenSSH developers to mitigate the flaw, and that OpenSSH version 5.2 contained countermeasures."
- Wizetux
@Wizetux: True, but AFAIK not all distros/OSes that use OpenSSH incorporate the latest version. I'm pretty sure there're quite a few LTS installations out there running the insecure one.
- LANjackal
True, but seeing that an attacker has a one in 262,144 chance of success, I still feel pretty safe using OpenSSH.
- Wizetux
@Wizetux: True, but that doesn't change the fact that the flaw exists. I see your point though.
- LANjackal
And you can always compile and use the latest version on any distro.
- Wizetux
Thanks for the security update!
- Mitchell Tsai
np
- LANjackal