Re: Bug in scp v3.0.1

From: Nate Eldredge (neldredge@hmc.edu)
Date: 10/31/01 

From: Nate Eldredge <neldredge@hmc.edu>
Message-ID: <15328.28029.973192.733374@mercury.st.hmc.edu>
Date: Wed, 31 Oct 2001 13:30:37 -0800
To: "Jonathan A. Zdziarski" <jonathan@cafejesus.com>
Subject: Re: Bug in scp v3.0.1

Jonathan A. Zdziarski writes:
> I was scp'ing a 2MB file to my home computer over a DSL line and just
> happened to run top at the same time. I immediately noticed this line:
>
> 13864 root 1 30 0 2884K 1744K run 0:38 42.00% sshd2
>
> It appears that scp'ing a file over a slow connection causes the process to
> suck up a huge number of resources. There's most likely no usleep()
> somewhere it's needed. A couple scp's over slow connections could severely
> degrade the boxes performance.

I've noticed this but always assumed it was just that encryption is a
cpu-intensive operation, and that was how much CPU it took to encrypt
the data at the rate it was being sent. Are you sure it's using more
than it really needs?

Unless sshd was written by a completely insane person, it will encrypt
what data it has, then sleep in `read' or `select' waiting for more.
In this case it will use as much cpu as it takes to keep up with the
data. This seems perfectly reasonable to me. Encryption is a
cpu-intensive operation, and you have to pay the cycles somehow; might
as well take them when you need them.

`usleep' wouldn't be the fix, either; that would just slow down the
copying.

I'm not sure how this is a security issue, anyway; if someone can scp
files, then they can log in via ssh. So they could just run several
dozen processes doing `for(;;);'. That will likely degrade
performance a lot more.

> This test was performed on a Solaris 8_x86 machine.

How fast a machine? 38 seconds of cpu to encrypt 2 megs of data does
seem a bit high for modern machines. But on an older machine, I'd
believe it. 

-- 

Nate Eldredge
neldredge@hmc.edu

Relevant Pages

  • Re: Protecting Encryption Algorithms
    ... I suppose that a system with specialized hardware ... > sealed chip doesn't have to encrypt its data to/from its internal memory. ... sending the unencrypted code to the CPU. ... > The truth of this statement is dependent on what level of protection you ...
    (sci.crypt)
  • Re: Protecting Encryption Algorithms
    ... > I don't play a software engineer on TV, but I am one in real life. ... The CPU inside the ... sealed chip doesn't have to encrypt its data to/from its internal memory. ...
    (sci.crypt)
  • RE: Bug in scp v3.0.1
    ... However doing a truss on scp2, ... It looks like select is telling scp that there is at least one file ... There's most likely no usleep() ... Unless sshd was written by a completely insane person, it will encrypt ...
    (Bugtraq)
  • Re: (OT)(IT) Paging Shell Bods .. .
    ... install on his Mac, to be run whenever he wants, which will backup his ... stuff, zip it, encrypt it, and scp it to my server as an archive. ...
    (uk.rec.motorcycles)
  • Re: SSH
    ... Does SSH encrypt data being sent or is pre-encryption needed? ... SSH (and SSL, SCP, TLS, et al) encrypts data in transit only. ...
    (comp.sys.hp.mpe)
Loading