North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: [rootshell] Security Bulletin #25
>Well, seeing how 2.0 is actually a commercial product and supposedly >re-written, I can see why they'd want to sell it. If you want to run ssh >and don't want to pay for it, you're stuck with the 1.x version. Those >that can pay do, and those that don't whine for some reason. It's not >like you couldn't take the source to 1.2.26 and alter it now, is it? Have you ever stopped to look at the src to 2.0? Large portions of it is unfinished. Hell the only symetric ciphers they have are DES (do we even have to go here), RC4 (a stream cipher that has been implimented wrong in SSH before), and Mars (an AES candidate from IBM which has known attacks against it). -- Richard Steenbergen <[email protected]> Data Innovations System Admin http://www.bitchx.com/~humble - [email protected] - PGP KeyID: 0x21581362 PGP Fingerprint: 7552 6AB2 B9C7 5A1B F1B6 8EA3 DFCF 793D 2158 1362 Remember - Boss spelled backwards is "double S.O.B"
|