BugTraq
OpenSSH security advisory: cbc.adv Nov 21 2008 10:19AM
Damien Miller (djm cvs openbsd org) (2 replies)
Re: OpenSSH security advisory: cbc.adv Nov 24 2008 05:05PM
Nick Boyce (nick boyce gmail com) (2 replies)
Re: OpenSSH security advisory: cbc.adv Nov 24 2008 11:39PM
Damien Miller (djm mindrot org) (1 replies)
Re: OpenSSH security advisory: cbc.adv Nov 25 2008 03:36AM
Nick Boyce (nick boyce gmail com) (1 replies)
Re: OpenSSH security advisory: cbc.adv Nov 25 2008 06:34PM
Bob Beck (beck ualberta ca)
> Maybe this was always clear, but along with that reassurance I guess
> you would recommend we all take your stated remedial action:
> [place] the following directive in sshd_config and ssh_config:
> "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc"
> at the very next maintenance opportunity, on the grounds that it can't
> hurt, and can only help?

It can possibly hurt very much - if ctr mode is subject to a
different vulnerability. There has been much discussion of ctr mode having
*possible* issues, although nothing I know of published directly about ssh.

On the other hand, we have a national security agency who refuses
full disclosure, raising a vulnerability and pointing to a switch to
counter mode. Perhaps this is to prevent the low likelihood but
possible attack they have found, or perhaps it is to encourage a hasty
switch to counter mode which is "more convenient for national security
reasons". I don't honestly know - the only REAL info on the subject I've
seen has come from djm.

You decide who you trust. Personally, I won't be making that change
hastily anywhere - nothing I have is directly threatened by this
attack, so I can wait until someone figures out the gist of it and
implements an appropriate countermeasure, and I see some legitimate peer
review on the topic as opposed to FUD spreading. I frankly trust the
OpenSSH developers a lot more than I trust ssh.com or a puppet state
"no such agency" acting as worn out lapdog for the sorts of people
that implement things like the Patriot Act. People who will not share
information with the developers of the software should always be
suspect. They have no reason not to without a hidden agenda.

-Bob

Re: OpenSSH security advisory: cbc.adv Nov 24 2008 10:46PM
Fabian Hänsel (fabtagon gmx de)
Re: OpenSSH security advisory: cbc.adv Nov 24 2008 09:46AM
Otto Moerbeek (otto drijf net) (1 replies)
Re: Re: OpenSSH security advisory: cbc.adv Nov 24 2008 05:37PM
Guillaume MULLER (guillaume muller freesurf fr)
Copyright 2009, SecurityFocus