[Plug-security] ssh1 still secure?

J. Francois frenchie@magusnet.gilbert.az.us
Wed, 15 Mar 2000 11:26:58 -0700


It seems like on Wed, Mar 15, 2000 at 10:53:41AM -0700, sinck@corp.quepasa.com scribbled:
Orig Msg> I've heard from various sources, some more trustworthy than others
Orig Msg> (but potentially still with bad data), that ssh1 is no longer secure
Orig Msg> and can be cracked, to the point where it's little better than playing
Orig Msg> telnet-roulette?
Orig Msg> 
Orig Msg> TIA.  I think.
Orig Msg> 
Orig Msg> David
Orig Msg> 

SSH complies with RSAREF is broken.
The BSAFE routines have buffer overflows.

I use:
SSH Version 1.2.27 [i586-unknown-linux], protocol version 1.5.
Standard version.  Does not use RSAREF.
Which is , of course, illegal in the US because of the RSA patents.

The OpenSSH project has fixed some of this.

3des, blowfish, and others are available with the "-c" switch.
See: man ssh
for details.

Jean Francois Sends...
President & CEO MagusNet, Inc.
MagusNet.com, MagusNet.Gilbert.AZ.US
CTO EBIZ Enterprises, Inc.
TheLinuxStore.com, TheLinuxLab.com, LinuxWired.net
480-778-1120 - Office
602-770-JLF1 - Cellular