Bugtraq mailing list archives

Re: sshd1 allows unencrypted sessions regardless of server policy


From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Tue, 14 Dec 1999 22:07:36 -0500


If we're going to be picking nits....

AFAIK...  The passphrase-less host keys are encrypted with 3-DES and
no password.  They were, at one time, encrypted with IDEA with no
password.

...neither IDEA nor triple-DES *can* encrypt with no "password" (by
which I have to assume you mean what is normally, for a block cipher,
called a "key").

Perhaps you mean "some non-secret key"[%], which is not the same thing
as *no* key.  (Of course, from a security point of view, if a
non-secret key is used, it makes no difference which one it is.)

[%] The one resulting from following the usual algorithms on a
    zero-length passphrase, perhaps...?

Like I said...  Just a nit...

"What he said."

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

