Re: IT security people sleep well

[Valdis.Kletnieks () vt edu]

On Thu, 03 Jun 2004 13:16:44 PDT, Eric Kuhnke <eric () fnordsystems com>  said:

> The part about Telnet is truly scary...   Among people who have "clue", 
> the biggest reason I have heard to continue running ssh1 is for 
> emergency access via hand-held smartphones or other pocket sized 
> devices.  The Handspring Treo 180 and similar keyboarded cellphone-pda 
> devices don't have the CPU power necessary for a SSH2 key exchange, 
> unless I'm drastically mistaken about the FPU abilities of a 33 MHz 
> Motorola Dragonball...

Unless the Dragonball is an 8-bit CPU, it shouldn't be *too* painful - looking at
the ssh 3.2.9.1 tree from ssh.com, the *only* reference to 'float' or 'double'
in the entire include/*.h tree is a "typedef double SshTimeT;".  Since a sane
key wont fit in an int, float, or double, it's all done using integer/logical
operations on arrays (more or less).

I just retired an IBM RS6000/350 - that had a whole whopping 50mz Power
chipset in it, and ran ssh2 just fine.  I know that the model 220 was a 33MHz
ppc 601 chipset, and that did SSH without burping too (The 601 chipset was
also used in the Macintosh 6600 machines).

If it's got enough CPU to connect to an SSL webpage, it's got enough for SSH.

Attachment: _bin
Description: