Re: On why debugging OpenSSH can be so hard



Salut, Maurice,

On Tue, 1 Jul 2008 16:02:46 -0400, Maurice Volaski wrote:
It turns out it was intentionally presenting me with misinformation.
You see, there was no key file present where it was looking. I
thought it was looking in one place, but it was actually looking in
another.

Fail quietly, indeed! It's not simply doing this under ordinary
operation, but even in debug operation, even under debug level 3. In
the perfect place where it can tell us quite informatively what's
about to go wrong--there is nothing!

So in case you're wondering why debugging OpenSSH can be so hard, now
you know.

Please bear in mind that in the world of cryptography, the difference
between proper error messages and information disclosure
vulnerabilities is narrow, or only a nuance.

Tonnerre
--
SyGroup GmbH
Tonnerre Lombard

Solutions Systematiques
Tel:+41 61 333 80 33 Güterstrasse 86
Fax:+41 61 383 14 67 4053 Basel
Web:www.sygroup.ch tonnerre.lombard@xxxxxxxxxx

Attachment: signature.asc
Description: PGP signature