PuTTY bug ssh2.0.11-keyderive-nonbug

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

summary: SSH 2.0.11 apparently doesn't have key-derivation bug
class: bug: This is clearly an actual problem we want fixed.
difficulty: fun: Just needs tuits, and not many of them.
priority: medium: This should be fixed one day.
present-in: 0.53 2002-10-07 0.53b 2003-02-14
fixed-in: 2003-02-19 2bb23257f213413feaa92edfed5f5c5b8dc669dd (0.54)

Apparently, while PuTTY believes that SSH 2.0.1[01]* have the SSH-2 key-derivation bug, 2.0.11 on Solaris/SPARC 2.5.1 doesn't, and this causes the expected decryption failures. The current OpenSSH code suggests that the bug is only present in versions before SSH 2.0.11. It looks like the fix for ssh2-keyderive-nonbug had an off-by-one error.

Ref: <000a01c2d422$ceef21b0$b78401c1@common> et seq.

If you want to comment on this web site, see the Feedback page.
Audit trail for this bug.
(last revision of this bug record was at 2021-07-03 11:50:19 +0100)