mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Goldstein Lyor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-934) Invalid public key encoding of certain ecdsa-sha2-nistpX host keys
Date Wed, 24 Jul 2019 17:09:00 GMT

    [ https://issues.apache.org/jira/browse/SSHD-934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16892013#comment-16892013

Goldstein Lyor commented on SSHD-934:

Seems to me that these tests can easily be converted to actually save the information of the
suspected mismatched encoded in some way (e.g. the public key parameters). By attaching these
samples to the issue it would make it easier to diagnose and fix (if indeed there is a problem).

> Invalid public key encoding of certain ecdsa-sha2-nistpX host keys
> ------------------------------------------------------------------
>                 Key: SSHD-934
>                 URL: https://issues.apache.org/jira/browse/SSHD-934
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.2.0, 2.1.0
>            Reporter: Louis Berube
>            Priority: Major
>         Attachments: ECDSA-encode-decode-junit-fragment.txt
> There appears to be an error in encoding the public part of certain ECDSA host key values.
The bug has been found to affect the ecdsa-sha2-nistpX host key algorithms.
> The bug affects the different ECDSA host key types to different degrees. Usually when
one generates a host key value it will work okay. However, if one repeatedly generates new
host key values then eventually a value will be generated for which the encoding is not calculated
>  * For ecdsa-sha2-nistp512: within ~10 repetitions
>  * For ecdsa-sha2-nistp256: within ~200 repetitions
>  * For ecdsa-sha2-nistp384: within ~1000 repetitions
> The attached Junit test code fragment was used to generate the above statistics.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org

View raw message