North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: RSA Patent Expired

  • From: Enkhyl
  • Date: Wed Oct 04 20:05:22 2000

On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:

> On Tue, 3 Oct 2000, Richard Welty wrote:
> > Bill Fumerola [mailto:[email protected]] wrote:
> > > OpenSSH uses RSA for ssh1, so it too benefited greatly
> > > from RSA's release of the code into the public domain.
> >
> > except that nobody should be using ssh1 for _anything_ if they can
> > possibly avoid it. even the orginal authors of ssh are strongly
> > advocating
> > consigning ssh1 to the trash heap of computer security.
> I think you're confused, ssh1 is still a very valid protocol. It is well
> tested and proven, and in many cases better implemented then ssh2 (though 
> of course that may change eventually). Don't confuse the desire to make
> money with insecurity.

There are known holes in the SSH1 protocol, which is why it is recommended
that the SSH2 protocol be used.

The vulnerability is non-trivial to exploit, but it is a flaw. See the
reference in the above link.

Christopher Nielsen
"Not only is UNIX dead, it's starting to smell really bad." --rob pike