Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
x/crypto/ssh: legacy cipher should implement padding oracle countermeasures #10756
It's probably worth implementing similar padding oracle countermeasures to OpenSSH. When OpenSSH detects a MAC failure, invalid packet length or invalid padding length for a CBC cipher, it keeps reading for an entire maximally-sized packet (less whatever has been read for the packet already). This deprives an attacker of feedback for guesses against the packet length given by the connection dropping.