PuTTY bug ssh2.0.11-keyderive-nonbug

This is a mirror. The primary PuTTY web site can be found here.

Home | Licence | FAQ | Docs | Download | Keys | Links
Mirrors | Updates | Feedback | Changes | Wishlist | Team

summary: SSH 2.0.11 apparently doesn't have key-derivation bug
class: bug: This is clearly an actual problem we want fixed.
difficulty: fun: Just needs tuits, and not many of them.
priority: medium: This should be fixed one day.
present-in: 0.53 2002-10-07 0.53b 2003-02-14
fixed-in: 2003-02-19 (0.54) (0.55) (0.56) (0.57) (0.58) (0.59) (0.60) (0.61) (0.62) (0.63) (0.64)

Apparently, while PuTTY believes that SSH 2.0.1[01]* have the SSH-2 key-derivation bug, 2.0.11 on Solaris/SPARC 2.5.1 doesn't, and this causes the expected decryption failures. The current OpenSSH code suggests that the bug is only present in versions before SSH 2.0.11. It looks like the fix for ssh2-keyderive-nonbug had an off-by-one error.

Ref: <000a01c2d422$ceef21b0$b78401c1@common> et seq.

Audit trail for this bug.


If you want to comment on this web site, see the Feedback page.
(last revision of this bug record was at 2008-02-10 14:42:39 +0000)