SP 2009, IEEE

Plaintext Recovery Attacks against SSH

This paper presents a variety of plaintext-recovering attacks against SSH. We implemented a proof of concept of our attacks against OpenSSH, where we can verifiably recover 14 bits of plaintext from an arbitrary block of ciphertext with probability 2^-14, and 32 bits of plaintext from an arbitrary block of ciphertext with probability 2^-18. These attacks assume the default configuration of a 128-bit block cipher operating in CBC mode. The paper explains why a combination of flaws in the basic design of SSH leaves implementations such as OpenSSH open to our attacks, why current provable security results for SSH do not cover our attacks, and how the attacks can be prevented in practice.
Added 21 May 2010
Updated 21 May 2010
Type Conference
Year 2009
Where SP
Authors Martin R. Albrecht, Kenneth G. Paterson, Gaven J. Watson