On 28 April 2018 at 03:20, Hess THR <hessnovth...@mail.com> wrote: > Based on the: > > http://www.vegardno.net/2017/03/fuzzing-openssh-daemon-using-afl.html > > I tried to search for these code pieces (I know he was using openbsd-compat > and not the original OpenSSH code) but didn't found it, didn't even find > similar for disabling message CRCs:
Short answer: It's gone, you can ignore that part. Long answer: CRC32 was the message integrity method for SSH Protocol v1 and the last of the SSH1 code was removed[0] in the 7.6 release[1] (in part because CRC32 a weak integrity guarantee compared to a proper MAC). [0] https://github.com/openssh/openssh-portable/commit/3d6d09f2 [1] https://www.openssh.com/releasenotes.html#7.6 -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.