Firewall Wizards mailing list archives

Re: SecuRemote on Macintosh


From: Adam Shostack <adam () homeport org>
Date: Fri, 19 Mar 1999 11:45:29 -0500

On Wed, Mar 17, 1999 at 12:15:30PM -0800, Neil Ratzlaff wrote:

| Just to make things fun, I also installed the W95 client of SSH (version
| 1.1) from DataFellows in Virtual PC.  A couple of minor installation
| problems, but it works fine inside SecuRemote or by itself.  
| 
| Question:  Is ssh inside SecuRemote any more secure than either one alone?

I was going to say SSH is more secure, because it's been subject to
review, and then Darren had to go and remind us of the value of source 
availability.

I suspect SSH has a better (but not great) PRNG.  It has longer key
lengths.  Its protocol has been raked over the coals.  I suspect these
things because I have few reasons to trust SR.  Those features are
probably useful if you're worried about an opponent who has strong
crypto understanding (like Mudge or the NSA).  The NSA is much less
likely than Mudge to write an entertaining advisory with source
showing how to break SR.  If someone can and does write that bit, then
the clue needed to break SR may drop to roughly that needed to break
PPTP. 

Now, if SR is not weak, then it doesn't matter.   So, the question
boils down to, 'What assurance do you have that SSH or SR will resist
attacks over time?' 

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume



