[cryptography] cryptography Digest, Vol 17, Issue 13
pgut001 at cs.auckland.ac.nz
Sat Jul 9 22:35:01 EDT 2011
"Matthijs R. Koot" <koot at uva.nl> writes:

>A low-complexity alternative to SSH seems useful and might perhaps allow
>validation by formal methods...

Funny you should mention that, I suggested this to someone recently because
it's something that's never been formally analysed and is likely an easy
target for finding holes because of its baroque complexity (the draft points
to some possible attack vectors in the "Rationale" sections, I'm sure there
are plenty more).

>Is the unpublished draft open to the public?

You can get it from http://www.cs.auckland.ac.nz/~pgut001/pubs/simplessh.txt
(several people have asked about it, so I've posted it online). The abstract:

The widespread adoption of SSH has seen the emergence of numerous SSH
implementations, but also numerous interoperability problems among many of
the non-mainstream versions. This problem arises because the complexity and
in places ambiguity of the specification makes it possible to create
specification-compliant but non-interoperable implementations, and is
exacerbated by the fact that in many cases where SSH is used, for example
for the control interface of an embedded device or a Windows file transfer
facility, the developers are required to implement a specification designed
to provide a full-blown Unix VPN solution even though in their case they'll
never use the majority of its facilities.

This document describes a simplified profile of SSH that provides a standard
minimal feature set for use in applications that just require a basic no-
frills secure channel from A to B, building on a decade of SSH
implementation experience to avoid known problem areas in the SSH protocol.
As a side-effect this minimal profile reduces the large attack surface of
SSH to a more manageable level by eliminating much of the complexity in the