PuTTY wish ssh2-sequence-wrap

Home | Licence | FAQ | Docs | Download | Keys | Links
Mirrors | Updates | Feedback | Changes | Wishlist | Team

summary: SSH-2 replay attacks should be avoided
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
priority: low: We aren't sure whether to fix this or not.
present-in: 2005-01-17
fixed-in: 2005-01-29 (0.58) (0.59) (0.60) (0.61) (0.62)

Bellare et al note that if the sequence number for SSH-2 MACs repeats itself without an intervening rekey, all sorts of attacks become possible. If PuTTY were particularly paranoid, it could force a re-key before this happens, and even kill the connection if the sequence number did wrap around. More polite would probably be a note in the documentation that turning off traffic-based re-keying is a very bad idea and to accept the worse-than-it-could-be security of connections to servers that can't re-key.

Audit trail for this wish.


If you want to comment on this web site, see the Feedback page.
(last revision of this bug record was at 2005-03-10 16:36:42 +0000)