nanog mailing list archives

Re: RSA Patent Expired

From: "Frater M.A.Ch.H. 999" <azoth () occult net>
Date: Wed, 4 Oct 2000 20:26:49 -0500


Enkhyl:

Do what thou wilt shall be the whole of the law.

That's fine and dandy, but the bugtraq exploit that you are pointing to in
that link is, according to the bugtraq advisory, only applicable to ssh
version 1.2.27.

Other versions don't seem to be affected.

About the sig, UNIX is far from dead.  It's track record sure beats NT. ;)

Love is the law, love under will.

Frater M.A.Ch.H. 999

~~~^^O^^~~~

MTH/HE/SX/TA/EN S++(*) W N+++(++) PEG++(XX) Dr+ A>++ a++ C G+ QH+++
666++ Y++(+++) Z+


----- Original Message -----
From: "Enkhyl" <enkhyl () pobox com>
To: "Richard A. Steenbergen" <ras () e-gerbil net>
Cc: "Richard Welty" <rwelty () vpnet com>; "Bill Fumerola"
<billf () chimesnet com>; "Hendrik Visage" <hvisage () is co za>; "Bradly Walters"
<bwalters () inet-direct com>; <nanog () merit edu>
Sent: Wednesday, October 04, 2000 7:02 PM
Subject: RE: RSA Patent Expired


On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:

On Tue, 3 Oct 2000, Richard Welty wrote:

Bill Fumerola [mailto:billf () chimesnet com] wrote:

OpenSSH uses RSA for ssh1, so it too benefited greatly
from RSA's release of the code into the public domain.


except that nobody should be using ssh1 for _anything_ if they can
possibly avoid it. even the orginal authors of ssh are strongly
advocating
consigning ssh1 to the trash heap of computer security.


I think you're confused, ssh1 is still a very valid protocol. It is well
tested and proven, and in many cases better implemented then ssh2

(though

of course that may change eventually). Don't confuse the desire to make
money with insecurity.


There are known holes in the SSH1 protocol, which is why it is recommended
that the SSH2 protocol be used.

http://www.securityportal.com/list-archive/bugtraq/1999/Dec/0195.html

The vulnerability is non-trivial to exploit, but it is a flaw. See the
reference in the above link.

--
Christopher Nielsen
(enkhyl|cnielsen)@pobox.com
"Not only is UNIX dead, it's starting to smell really bad." --rob pike

Current thread:

RE: RSA Patent Expired Richard Welty (Oct 03)
- Re: RSA Patent Expired Bill Fumerola (Oct 03)
- <Possible follow-ups>
- RE: RSA Patent Expired Roeland M.J. Meyer (Oct 03)
- RE: RSA Patent Expired Richard A. Steenbergen (Oct 04)
  - RE: RSA Patent Expired Enkhyl (Oct 04)
    - RE: RSA Patent Expired Richard A. Steenbergen (Oct 04)
    - Re: RSA Patent Expired Frater M.A.Ch.H. 999 (Oct 04)
    - Re: RSA Patent Expired Richard A. Steenbergen (Oct 04)
  - RE: RSA Patent Expired Greg A. Woods (Oct 04)
  - RE: RSA Patent Expired Joe Shaw (Oct 05)
    - RE: RSA Patent Expired Joe Shaw (Oct 05)
    - Re: RSA Patent Expired Bora Akyol (Oct 05)