nanog mailing list archives

Re: [rootshell] Security Bulletin #25

From: "Richard Steenbergen" <humble () lightning net>
Date: Tue, 3 Nov 1998 20:09:38 -0500

Well, seeing how 2.0 is actually a commercial product and supposedly
re-written, I can see why they'd want to sell it.  If you want to run ssh
and don't want to pay for it, you're stuck with the 1.x version.  Those
that can pay do, and those that don't whine for some reason.  It's not
like you couldn't take the source to 1.2.26 and alter it now, is it?


Have you ever stopped to look at the src to 2.0? Large portions of it is
unfinished. Hell the only symetric ciphers they have are DES (do we even
have to go here), RC4 (a stream cipher that has been implimented wrong in
SSH before), and Mars (an AES candidate from IBM which has known attacks
against it).

--
Richard Steenbergen <humble () lightning net> Data Innovations System Admin
http://www.bitchx.com/~humble - humble@EFnet - PGP KeyID: 0x21581362
PGP Fingerprint: 7552 6AB2 B9C7 5A1B F1B6  8EA3 DFCF 793D 2158 1362
Remember - Boss spelled backwards is "double S.O.B"

Current thread:

[rootshell] Security Bulletin #25 Kit Knox (Nov 01)
- Re: [rootshell] Security Bulletin #25 C. Harald Koch (Nov 02)
  - Re: [rootshell] Security Bulletin #25 Joe Shaw (Nov 02)
- <Possible follow-ups>
- Re: [rootshell] Security Bulletin #25 Richard Steenbergen (Nov 02)
  - Re: [rootshell] Security Bulletin #25 Roeland M.J. Meyer (Nov 02)
    - Re: [rootshell] Security Bulletin #25 Joe Loiacono (Nov 03)
    - Re: [rootshell] Security Bulletin #25 Dan Watts (Nov 03)
    - Re: [rootshell] Security Bulletin #25 Roeland M.J. Meyer (Nov 03)