mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pasi Eronen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SSHD-330) Handshake fails (wrong shared secret) 1 out of 256 times
Date Thu, 12 Jun 2014 09:30:02 GMT

     [ https://issues.apache.org/jira/browse/SSHD-330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Pasi Eronen updated SSHD-330:
-----------------------------

    Description: 
The shared secret returned by KeyAgreement.generateSecret() is a byte array, which can (by
chance, roughly 1 out of 256 times) begin with zero byte. In SSH, the shared secret is an
integer, so we need to strip the leading zero(es).

Some JCE providers might strip leading zeroes, though. SunJCE used to do this in Java 6, I
think, but not anymore in Java 7 -- and there was an almost identical bug (handshake fails
1 out of 256 times) in Java's SSL/TLS implementation in early Java 7 versions (see http://bugs.java.com/view_bug.do?bug_id=8014618).

Pull request here:
https://github.com/apache/mina-sshd/pull/5

How to reproduce with OpenSSH client (assuming Mina SSH server running in port 9922):

for x in {1..500}; do sshpass -p wrong ssh -p9922 -oKexAlgorithms=diffie-hellman-group-exchange-sha1
someuser@localhost; done 

for x in {1..500}; do sshpass -p wrong ssh -p9922 -oKexAlgorithms=ecdh-sha2-nistp256 someuser@localhost;
done 


  was:

The shared secret returned by KeyAgreement.generateSecret() is a byte array, which can (by
chance, roughly 1 out of 256 times) begin with zero byte. In SSH, the shared secret is an
integer, so we need to strip the leading zero(es).

Some JCE providers might strip leading zeroes, though. SunJCE used to do this in Java 6, I
think, but not anymore in Java 7 -- and there was an almost identical bug (handshake fails
1 out of 256 times) in Java's SSL/TLS implementation in early Java 7 versions (see http://bugs.java.com/view_bug.do?bug_id=8014618).

How to reproduce with OpenSSH client (assuming Mina SSH server running in port 9922):

for x in {1..500}; do sshpass -p wrong ssh -p9922 -oKexAlgorithms=diffie-hellman-group-exchange-sha1
someuser@localhost; done 

for x in {1..500}; do sshpass -p wrong ssh -p9922 -oKexAlgorithms=ecdh-sha2-nistp256 someuser@localhost;
done 



> Handshake fails (wrong shared secret) 1 out of 256 times
> --------------------------------------------------------
>
>                 Key: SSHD-330
>                 URL: https://issues.apache.org/jira/browse/SSHD-330
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 0.11.0
>            Reporter: Pasi Eronen
>
> The shared secret returned by KeyAgreement.generateSecret() is a byte array, which can
(by chance, roughly 1 out of 256 times) begin with zero byte. In SSH, the shared secret is
an integer, so we need to strip the leading zero(es).
> Some JCE providers might strip leading zeroes, though. SunJCE used to do this in Java
6, I think, but not anymore in Java 7 -- and there was an almost identical bug (handshake
fails 1 out of 256 times) in Java's SSL/TLS implementation in early Java 7 versions (see http://bugs.java.com/view_bug.do?bug_id=8014618).
> Pull request here:
> https://github.com/apache/mina-sshd/pull/5
> How to reproduce with OpenSSH client (assuming Mina SSH server running in port 9922):
> for x in {1..500}; do sshpass -p wrong ssh -p9922 -oKexAlgorithms=diffie-hellman-group-exchange-sha1
someuser@localhost; done 
> for x in {1..500}; do sshpass -p wrong ssh -p9922 -oKexAlgorithms=ecdh-sha2-nistp256
someuser@localhost; done 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message