Vulnerability in rclone crypt algo?

Got a security note from Bitvise regarding ChaCha20-Poly1305.
As you're using Poly1305 as well, please check that it doesn't affect rclone encryption too (I simply dunno, I'm no crypto genius).

Bitvise's text:

Researchers have identified an issue where all SSH connections which use the encryption algorithm ChaCha20-Poly1305, or any integrity algorithm of type Encrypt-then-MAC, are vulnerable to packet sequence manipulation by an active attacker, if the attacker can intercept the network path. This can be used to sabotage SSH extension negotiation. This affects extensions with security impact, such as server-sig-algs.
Since the attacker can only remove packets sent before user authentication, this does not seem to fatally break the security of the SSH connection.
However, it is a cryptographic weakness to address.

There is no known problem with ChaCha20-Poly1305.

There is a small problem with SSH protocol using this algo (but not algo itself) - not critical - already patched on most systems.

Here are more details:

ChaCha20-Poly1305 is said to be "vulnerable and perfectly exploitable" by Terrapin due to the way sequence numbers are used in key derivation. There isn't a cryptographic weakness in this algorithm, just in the way it's used for SSH.

rclone crypt is still secure :)

