|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: RSA Patent Expired
On Wed, 4 Oct 2000, Richard A. Steenbergen wrote: > On Tue, 3 Oct 2000, Richard Welty wrote: > > > Bill Fumerola [mailto:[email protected]] wrote: > > > OpenSSH uses RSA for ssh1, so it too benefited greatly > > > from RSA's release of the code into the public domain. > > > > except that nobody should be using ssh1 for _anything_ if they can > > possibly avoid it. even the orginal authors of ssh are strongly > > advocating > > consigning ssh1 to the trash heap of computer security. > > I think you're confused, ssh1 is still a very valid protocol. It is well > tested and proven, and in many cases better implemented then ssh2 (though > of course that may change eventually). Don't confuse the desire to make > money with insecurity. There are known holes in the SSH1 protocol, which is why it is recommended that the SSH2 protocol be used. http://www.securityportal.com/list-archive/bugtraq/1999/Dec/0195.html The vulnerability is non-trivial to exploit, but it is a flaw. See the reference in the above link. -- Christopher Nielsen (enkhyl|cnielsen)@pobox.com "Not only is UNIX dead, it's starting to smell really bad." --rob pike
|