637 points h1x | 1 comments
1. geocar No.29213357
> Since the first three bytes of the SSH protocol signature input are different from the ssh-keygen signature input, the SSH client and ssh-keygen will never produce identical signatures. Therefore, there is no risk of cross-protocol attacks

That's not convincing to me. Does anyone have more details on this?

It does not seem right to me that a signing protocol secure for similar things would necessarily be secure against random things; an LFR over a long sequence seems like it could be different than a single feedback over random space, and sometimes that difference could be important.
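For reference, the prefix difference the quoted passage relies on, as an added example that is not part of the thread or of OpenSSH's code. It builds the two signature inputs from their published layouts (RFC 4252 section 7 for publickey authentication, PROTOCOL.sshsig for `ssh-keygen -Y sign`); the function names and all sample values are constructed for illustration.

```python
import hashlib
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number from RFC 4252
SSHSIG_MAGIC = b"SSHSIG"       # MAGIC_PREAMBLE from PROTOCOL.sshsig


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def userauth_signed_data(session_id, user, service, key_alg, key_blob):
    """Bytes an SSH client signs for publickey auth (RFC 4252 section 7)."""
    return (ssh_string(session_id)
            + bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user) + ssh_string(service)
            + ssh_string(b"publickey") + b"\x01"
            + ssh_string(key_alg) + ssh_string(key_blob))


def sshsig_signed_data(namespace, message, hash_alg="sha512"):
    """Bytes ssh-keygen signs for a file signature (PROTOCOL.sshsig)."""
    digest = hashlib.new(hash_alg, message).digest()
    return (SSHSIG_MAGIC + ssh_string(namespace) + ssh_string(b"")
            + ssh_string(hash_alg.encode()) + ssh_string(digest))


def classify(signed_data: bytes) -> str:
    """Tell the two signing domains apart from the first three bytes only."""
    head = signed_data[:3]
    if head == b"SSH":
        return "sshsig"
    if head == b"\x00\x00\x00":
        return "userauth"  # length prefix of a session id under 256 bytes
    return "unknown"


# Constructed sample values, not taken from any real session or key.
SESSION_ID = hashlib.sha256(b"constructed exchange hash").digest()
KEY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
AUTH = userauth_signed_data(SESSION_ID, b"alice", b"ssh-connection",
                            b"ssh-ed25519", KEY_BLOB)
FILE = sshsig_signed_data(b"file", b"constructed file contents")

if __name__ == "__main__":
    print(classify(AUTH), AUTH[:3].hex())  # length prefix of the session id
    print(classify(FILE), FILE[:3].hex())  # ASCII "SSH" from the preamble
```

The authentication input starts with the length prefix of the session identifier, which is a key-exchange hash output of 20 to 64 bytes, so its first three bytes are always zero. For it to start with `SSH` instead, that length field would have to be at least 0x53534800, roughly 1.3 GiB.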