Firewall Wizards mailing list archives
Re: SecuRemote on Macintosh
From: Adam Shostack <adam () homeport org>
Date: Fri, 19 Mar 1999 11:45:29 -0500
On Wed, Mar 17, 1999 at 12:15:30PM -0800, Neil Ratzlaff wrote: | Just to make things fun, I also installed the W95 client of SSH (version | 1.1) from DataFellows in Virtual PC. A couple of minor installation | problems, but it works fine inside SecuRemote or by itself. | | Question: Is ssh inside SecuRemote any more secure than either one alone? I was going to say SSH is more secure, because its been subject to review, and then Darren had to go and remind us of the value of source availability. I suspect SSH has a better (but not great) PRNG. It has longer key lengths. Its protocol has been raked over the coals. I suspect these things because I have few reasons to trust SR. Those features are probably useful if you're worried about an opponent who has strong crypto understanding (like Mudge or the NSA). The NSA is much less likely than Mudge to write an entertaining advisory with source showing how to break SR. If someone can and does write that bit, than the clue needed to break SR may drop to roughly that needed to break PPTP. Now, if SR is not weak, then it doesn't matter. So, the question boils down to, 'What assurance do you have that SSH or SR will resist attacks over time?' Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- SecuRemote on Macintosh Neil Ratzlaff (Mar 18)
- Re: SecuRemote on Macintosh Adam Shostack (Mar 19)