Differences
This shows you the differences between the selected revisions of the page.
2005-01-27 | 2005-04-05 | ||
"login dialog" removed from title (martin) | putty=>winscp (martin) | ||
Line 13: | Line 13: | ||
===== Chokes on SSH1 ignore messages ===== | ===== Chokes on SSH1 ignore messages ===== | ||
- | An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol which can be sent from the client to the server, or from the server to the client, at any time. Either side is required to ignore the message whenever it receives it. PuTTY uses ignore messages to hide the password packet in SSH1, so that a listener cannot tell the length of the user's password; it also uses ignore messages for [[ui_login_connection#keepaliaves|connection keepalives]]. | + | An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol which can be sent from the client to the server, or from the server to the client, at any time. Either side is required to ignore the message whenever it receives it. WinSCP uses ignore messages to hide the password packet in SSH1, so that a listener cannot tell the length of the user's password; it also uses ignore messages for [[ui_login_connection#keepaliaves|connection keepalives]]. |
If this bug is detected, WinSCP will stop using ignore messages. This means that keepalives will stop working, and WinSCP will have to fall back to a secondary defence against [[ui_login_bugs#refuses_all_ssh1_password_camouflage|SSH1 password-length eavesdropping]]. If this bug is enabled when talking to a correct server, the session will succeed, but keepalives will not work and the session might be more vulnerable to eavesdroppers than it could be. | If this bug is detected, WinSCP will stop using ignore messages. This means that keepalives will stop working, and WinSCP will have to fall back to a secondary defence against [[ui_login_bugs#refuses_all_ssh1_password_camouflage|SSH1 password-length eavesdropping]]. If this bug is enabled when talking to a correct server, the session will succeed, but keepalives will not work and the session might be more vulnerable to eavesdroppers than it could be. |