This is the mail archive of the cygwin-talk mailing list for the cygwin project.
RE: very poor cygwin scp performance in some situations
- From: Igor Peshansky <pechtcha at cs dot nyu dot edu>
- To: The Cygwin-Talk Maiming List <cygwin-talk at cygwin dot com>
- Date: Tue, 28 Mar 2006 10:51:24 -0500 (EST)
- Subject: RE: very poor cygwin scp performance in some situations
- References: <052b01c6527e$1d2ea170$a501a8c0@CAM.ARTIMI.COM>
- Reply-to: The Cygwin-Talk Malingering List <cygwin-talk at cygwin dot com>
On Tue, 28 Mar 2006, Dave Korn wrote:
> On 28 March 2006 16:32, Igor Peshansky wrote:
>
> >
> > I did read it. The HSN patch is *much* more drastic than what I was
> > proposing. Maybe I'm dense, but I don't see any impact on security from
> > changing the buffer size (as long as buffer overflows are properly
> > addressed). After all, that buffer is used to store *encrypted* data,
> > right?
>
> Trying to make inferences about these sorts of matters is incredibly
> difficult.
>
> For instance, upping the buffer size to 64k might amplify the timing
> differences between successfully and unsuccessfully decrypted blocks enough to
> form a side-channel attack.
>
> Or it might not, but the point is, that the kind of thing that looks like a
> direct and simple replacement of X for Y can have all sorts of unexpected
> knock-on consequences in crypto systems.
>
> The SSH guys are probably right to err heavily on the side of caution.

Thanks for TITTTLing this. In any case, I'm sure if I post something to
the openssh list, I'll get a detailed explanation of why I'm a naïve
newbie with no understanding of the security issues involved, plus the
full list of those issues. At which point I'll crawl back into my hole to
digest it... :-)
Igor
--
http://cs.nyu.edu/~pechtcha/
|\ _,,,---,,_ pechtcha@cs.nyu.edu | igor@watson.ibm.com
ZZZzz /,`.-'`' -. ;-;;,_ Igor Peshansky, Ph.D. (name changed!)
|,4- ) )-,_. ,\ ( `'-' old name: Igor Pechtchanski
'---''(_/--' `-'\_) fL a.k.a JaguaR-R-R-r-r-r-.-.-. Meow!
"Las! je suis sot... -Mais non, tu ne l'es pas, puisque tu t'en rends compte."
"But no -- you are no fool; you call yourself a fool, there's proof enough in
that!" -- Rostand, "Cyrano de Bergerac"