On 2017-01-03 13:07:38, Zed Pobre wrote:
> I'm also having this problem. Some searching shows that the pycrypto
> folks believe that this should be fixed in paramiko:
>
> https://github.com/dlitz/pycrypto/issues/149
>
> A fellow who found a workaround on the paramiko side notes that the
> pycrypto comments in AES.py are wrong now:
>
> http://uucode.com/blog/2015/02/20/workaround-for-ctr-mode-needs-counter-parameter-not-iv/
>
> Despite that, I think I agree that paramiko needs to change. The
> problem is that this is a stable distribution, and the patch that
> causes this problem, used to fix #849495, is really just attempting to
> prevent bad usage by other programs, not inherently fixing a security
> flaw. In addition, the CTR component isn't actually dangerous, just
> "confusing".
>
> I propose that you remove the following from src/block_template.c:
>
> ++ if (IVlen != 0 && mode == MODE_CTR)
> ++ {
> ++ PyErr_Format(PyExc_ValueError,
> ++ "CTR mode needs counter parameter, not IV");
> ++ return NULL;
> ++ }
No, dropping that would open up the vulnerability again. For jessie the
exception was downgraded to a warning and IVlen set to 0. For wheezy LTS
I sent the updated patch to Chris Lamb (CCed). I'd expect an update
there soon.

Regards

> Leave the rest. That will still force it to die on the more dangerous
> ECB misuse, but doesn't cause unexpected breakage in other packages
> that are relying on being able to take shortcuts sending an IV string
> even where one isn't needed.
>
> Regards,
> Zed

--
Sebastian Ramacher
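The check the thread argues over, modeled in Python as an added example (this is not pycrypto's code, which lives in C in src/block_template.c): a constructor that rejects an IV for CTR mode, the counter callable CTR expects instead, and the call a dependent package can make so it keeps working without the library dropping the check. The AES block function is replaced by a constructed HMAC-SHA256 PRF so the block runs on the standard library alone (CTR only ever encrypts blocks, so a PRF suffices); `Counter`, `new`, `counter_from_iv` and the mode constants are assumptions modeled on pycrypto's API, not its actual implementation.

```python
import hmac
import hashlib

BLOCK_SIZE = 16
MODE_ECB, MODE_CBC, MODE_CTR = 1, 2, 6   # constructed constants; names follow pycrypto's


def _prf_block(key: bytes, counter_block: bytes) -> bytes:
    """Constructed stand-in for one AES block encryption: 16 bytes of
    HMAC-SHA256 output. CTR mode never needs the inverse direction."""
    return hmac.new(key, counter_block, hashlib.sha256).digest()[:BLOCK_SIZE]


class Counter:
    """Models Crypto.Util.Counter.new(128, initial_value=...): each call
    returns the current 16-byte big-endian value, then increments it."""

    def __init__(self, initial_value: int = 1):
        self.value = initial_value

    def __call__(self) -> bytes:
        block = self.value.to_bytes(BLOCK_SIZE, "big")
        self.value = (self.value + 1) % (1 << (8 * BLOCK_SIZE))
        return block


class CtrCipher:
    def __init__(self, key: bytes, counter):
        self.key, self.counter = key, counter

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for offset in range(0, len(data), BLOCK_SIZE):
            chunk = data[offset:offset + BLOCK_SIZE]
            keystream = _prf_block(self.key, self.counter())  # one fresh counter block per chunk
            out.extend(a ^ b for a, b in zip(chunk, keystream))
        return bytes(out)

    decrypt = encrypt  # CTR is symmetric: same keystream, same XOR


def new(key: bytes, mode: int, iv: bytes = b"", counter=None):
    """Argument validation in the spirit of the block_template.c check
    quoted in the thread: CTR takes a counter, and an IV is an error."""
    if mode == MODE_ECB and iv:
        raise ValueError("ECB mode does not use IV")
    if mode == MODE_CTR:
        if iv:
            raise ValueError("CTR mode needs counter parameter, not IV")
        if counter is None:
            raise ValueError("CTR mode needs counter parameter")
        return CtrCipher(key, counter)
    raise NotImplementedError("only CTR is modeled in this example")


def counter_from_iv(iv: bytes) -> Counter:
    """Caller-side adaptation (an assumption, not the thread's fix): a program
    that used to hand a 16-byte IV to CTR mode turns that value into the
    counter's initial value instead of asking the library to drop its check."""
    if len(iv) != BLOCK_SIZE:
        raise ValueError("IV must be %d bytes" % BLOCK_SIZE)
    return Counter(int.from_bytes(iv, "big"))


def roundtrip(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt and decrypt with two independently constructed counters."""
    ct = new(key, MODE_CTR, counter=counter_from_iv(iv)).encrypt(plaintext)
    return new(key, MODE_CTR, counter=counter_from_iv(iv)).decrypt(ct)


def iv_is_rejected(key: bytes, iv: bytes) -> bool:
    """True when the old IV-style call hits the modeled check."""
    try:
        new(key, MODE_CTR, iv=iv)
    except ValueError as exc:
        return str(exc) == "CTR mode needs counter parameter, not IV"
    return False


if __name__ == "__main__":
    key, iv = b"k" * 16, bytes(range(16))          # constructed sample values
    print("IV rejected for CTR:", iv_is_rejected(key, iv))
    print("roundtrip ok:", roundtrip(key, iv, b"hello, world") == b"hello, world")
```

The point of `counter_from_iv` is that the library check and the dependent package can both be satisfied: the package keeps its per-message 16-byte value, but passes it as the counter's starting point, which is what CTR mode actually consumes. Each `CtrCipher` instance must get its own `Counter`, as `roundtrip` does, since the callable advances on every block it hands out.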