You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2014/10/07 11:40:34 UTC
[jira] [Updated] (SSHD-357) ARCFOUR 128/256 ciphers initialization
incorrect - always fails
[ https://issues.apache.org/jira/browse/SSHD-357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Goldstein Lyor updated SSHD-357:
--------------------------------
Attachment: 0003-SSHD-357-ARCFOUR-128-256-ciphers-initialization-inco.patch
Recommend code patch (including jUnit tests)
> ARCFOUR 128/256 ciphers initialization incorrect - always fails
> ---------------------------------------------------------------
>
> Key: SSHD-357
> URL: https://issues.apache.org/jira/browse/SSHD-357
> Project: MINA SSHD
> Issue Type: Bug
> Reporter: Goldstein Lyor
> Fix For: 0.13.0
>
> Attachments: 0003-SSHD-357-ARCFOUR-128-256-ciphers-initialization-inco.patch
>
>
> The ARCFOUR128/256 ciphers inherit the default _BaseCipher#init_ implementation which creates an initialization vector. For RC4, this is not required - and indeed causes _java.security.InvalidAlgorithmParameterException: Parameters not supported_ when the cipher is initialized - even though everything is in order (e.g., see what happens when _SshServer#setUpDefaultCiphers_ is run). This means that these RC4 ciphers are *never* available. The fix (see attached patch file) is to override the _init_ method and provide only a key.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)