mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Goldstein Lyor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-330) Handshake fails (wrong shared secret) 1 out of 256 times
Date Wed, 01 Jul 2015 13:21:05 GMT

    [ https://issues.apache.org/jira/browse/SSHD-330?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14610218#comment-14610218
] 

Goldstein Lyor commented on SSHD-330:
-------------------------------------

Improved _AbstractDH#stripLeadingZeros_ to clone the array only if 1st byte is non-zero

> Handshake fails (wrong shared secret) 1 out of 256 times
> --------------------------------------------------------
>
>                 Key: SSHD-330
>                 URL: https://issues.apache.org/jira/browse/SSHD-330
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.11.0
>            Reporter: Pasi Eronen
>            Assignee: Guillaume Nodet
>             Fix For: 0.12.0, 0.9.1
>
>
> The shared secret returned by KeyAgreement.generateSecret() is a byte array, which can
(by chance, roughly 1 out of 256 times) begin with zero byte. In SSH, the shared secret is
an integer, so we need to strip the leading zero(es).
> Some JCE providers might strip leading zeroes, though. SunJCE used to do this in Java
6, I think, but not anymore in Java 7 -- and there was an almost identical bug (handshake
fails 1 out of 256 times) in Java's SSL/TLS implementation in early Java 7 versions (see http://bugs.java.com/view_bug.do?bug_id=8014618).
> Pull request here:
> https://github.com/apache/mina-sshd/pull/5
> How to reproduce with OpenSSH client (assuming Mina SSH server running in port 9922):
> for x in {1..500}; do sshpass -p wrong ssh -p9922 -oKexAlgorithms=diffie-hellman-group-exchange-sha1
someuser@localhost; done 
> for x in {1..500}; do sshpass -p wrong ssh -p9922 -oKexAlgorithms=ecdh-sha2-nistp256
someuser@localhost; done 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message