Flaw in encryption armor discovered

PH3N0M · May 20, 2009, 05:50 AM

An underlying flaw in the widely used encryption protocol Open Secure Shell (OpenSSH) has been made public by researchers from the Royal Holloway, University of London.

The flaw, which lies in version 4.7 of OpenSSH on Debian/GNU Linux, allows 32 bits of encrypted text to be rendered in plaintext, according to a research team from the Royal Holloway Information Security Group (ISG).

An attacker has a one in 262,144 chance of success. ISG lead professor Kenny Patterson told CNET News sister site ZDNet UK last Monday that the flaw is more significant than previous vulnerabilities in OpenSSH.
____________
Source: C|Net

May 20, 2009, 05:50 AM	#1
PH3N0M The Master of Sarcasm Join Date: Aug 2008 Location: The U.S. of A Posts: 348 Rep Power: 35 System Specs	Flaw in encryption armor discovered An underlying flaw in the widely used encryption protocol Open Secure Shell (OpenSSH) has been made public by researchers from the Royal Holloway, University of London. The flaw, which lies in version 4.7 of OpenSSH on Debian/GNU Linux, allows 32 bits of encrypted text to be rendered in plaintext, according to a research team from the Royal Holloway Information Security Group (ISG). An attacker has a one in 262,144 chance of success. ISG lead professor Kenny Patterson told CNET News sister site ZDNet UK last Monday that the flaw is more significant than previous vulnerabilities in OpenSSH. ____________ Source: C\|Net __________________ Last edited by MIG-31; May 20, 2009 at 07:32 AM.