[cryptography] cryptography Digest, Vol 17, Issue 13

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Jul 9 22:35:01 EDT 2011

"Matthijs R. Koot" <koot at uva.nl> writes:

>A low-complexity alternative to SSH seems useful and might perhaps allow
>validation by formal methods...

Funny you should mention that, I suggested this to someone recently because 
it's something that's never been formally analysed and is likely an easy 
target for finding holes because of its baroque complexity (the draft points 
to some possible attack vectors in the "Rationale" sections, I'm sure there 
are plenty more).

>Is the unpublished draft open to the public?

You can get it from http://www.cs.auckland.ac.nz/~pgut001/pubs/simplessh.txt
(several people have asked about it, so I've posted it online).  The abstract

  The widespread adoption of SSH has seen the emergence of numerous SSH
  implementations, but also numerous interoperability problems among many of
  the non-mainstream versions.  This problem arises because the complexity and
  in places ambiguity of the specification makes it possible to create
  specification-compliant but non-interoperable implementations, and is
  exacerbated by the fact that in many cases where SSH is used, for example
  for the control interface of an embedded device or a Windows file transfer
  facility, the developers are required to implement a specification designed
  to provide a full-blown Unix VPN solution even though in their case they'll
  never use the majority of its facilities.

  This document describes a simplified profile of SSH that provides a standard
  minimal feature set for use in applications that just require a basic no-
  frills secure channel from A to B, building on a decade of SSH
  implementation experience to avoid known problem areas in the SSH protocol.
  As a side-effect this minimal profile reduces the large attack surface of
  SSH to a more manageable level by eliminating much of the complexity in the


More information about the cryptography mailing list