|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: RSA Patent Expired
openssh source may be free but some of the libraries that it requires are GPLd. This causes problems for including the ssh code on routers etc. If I am mistaken, please email me privately, I would be glad to learn more about this. Bora ----- Original Message ----- From: "Joe Shaw" <[email protected]> To: "Richard A. Steenbergen" <[email protected]> Cc: "Richard Welty" <[email protected]>; "Bill Fumerola" <[email protected]>; "Hendrik Visage" <[email protected]>; "Bradly Walters" <[email protected]>; <[email protected]> Sent: Thursday, October 05, 2000 8:41 AM Subject: RE: RSA Patent Expired > > > On Wed, 4 Oct 2000, Richard A. Steenbergen wrote: > > > > except that nobody should be using ssh1 for _anything_ if they can > > > possibly avoid it. even the orginal authors of ssh are strongly > > > advocating > > > consigning ssh1 to the trash heap of computer security. > > > > I think you're confused, ssh1 is still a very valid protocol. It is well > > tested and proven, and in many cases better implemented then ssh2 (though > > of course that may change eventually). Don't confuse the desire to make > > money with insecurity. > > No, he's not confused. Supposedly, using any algorithm other than 3DES > with SSH1 can set you up for some type of stream insertion attack. I've > never seen it personally, but supposedly the threat does exist. > > Furthermore, OpenSSH supports ssh2 and is free, in both the free beer and > the free speech way. The BSD license is cool like that. > > -- > Joseph W. Shaw - [email protected] > Computer Security Consultant and Programmer > Free UNIX advocate and all around nice guy. > >
|