nanog mailing list archives

Re: RSA Patent Expired


From: "Richard A. Steenbergen" <ras () e-gerbil net>
Date: Wed, 4 Oct 2000 23:39:44 -0400 (EDT)


On Wed, 4 Oct 2000, Frater M.A.Ch.H. 999 wrote:

That's fine and dandy, but the bugtraq exploit that you are pointing to in
that link is, according to the bugtraq advisory, only applicable to ssh
version 1.2.27.

Other versions don't seem to be affected.

The crux of the problem is that the ssh1 protocol does not make use of
cryptographically secure MACs (message authentication code), but instead
relies on crc32 to provide integrity checks from insertion attacks. The
problem with crc32 is it was designed to detect accidental data corruption
but not to provide cryptographic verification of data integrity, so it is
possible to "somewhat" easily create "different" data with the same crc32
value. Past version 1.2.27, code was added to detect someone doing this
("crc compensation"), so it's not a real concern of vulnerability. But it
is a theoretical design weakness, which is why MACs are used in ssh2.

It is up to the admins to decide if running ssh2 is worth their time.
Personally I run OpenSSH (now part of the default installation on
[Free,Open]BSD) which supports both versions of the protocol much more
seamlessly than the original ssh. Many people prefer ssh1, and keep in
mind that some systems are ssh1 only, like the SSH available for Ciscos
for example.

But enough of this thread, everyone gets the point... :P

-- 
Richard A Steenbergen <ras () e-gerbil net>   http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
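
Added example, not part of the original post: a Python sketch of why crc32 cannot serve as an integrity check against deliberate modification while a keyed MAC can. It shows only the checksum property; it does not model the ssh1 packet format or its encryption, and the key, payload and function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def crc_delta(mask: bytes) -> int:
    """CRC32 change caused by XORing `mask` into ANY message of that length.

    CRC32 is affine over GF(2): crc(m ^ mask) == crc(m) ^ crc(mask) ^ crc(zeros).
    The delta depends only on the mask, never on the message or on a secret.
    """
    return zlib.crc32(mask) ^ zlib.crc32(bytes(len(mask)))


def crc_check_passes(message: bytes, checksum: int) -> bool:
    return zlib.crc32(message) == checksum


def mac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_check_passes(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


# Constructed sample data (not from the original post).
KEY = b"constructed-demo-key"
ORIGINAL = b"constructed payload, seq=0001"
MASK = xor_bytes(ORIGINAL, b"constructed payload, seq=0009")  # one byte differs
TAMPERED = xor_bytes(ORIGINAL, MASK)

# Checksum adjusted using only the mask: the CRC check still passes.
ADJUSTED_CRC = zlib.crc32(ORIGINAL) ^ crc_delta(MASK)

if __name__ == "__main__":
    print("crc32 accepts modified data:", crc_check_passes(TAMPERED, ADJUSTED_CRC))
    print("hmac accepts modified data: ",
          mac_check_passes(KEY, TAMPERED, mac_tag(KEY, ORIGINAL)))
```

The checksum adjustment needs no secret, whereas producing a valid HMAC tag for the modified data requires the key.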



