Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: RSA Patent Expired

  • From: Frater M.A.Ch.H. 999
  • Date: Wed Oct 04 21:24:01 2000

Enkhyl:

Do what thou wilt shall be the whole of the law.

That's fine and dandy, but the bugtraq exploit that you are pointing to in
that link is, according to the bugtraq advisory, only applicable to ssh
version 1.2.27.

Other versions don't seem to be affected.

About the sig, UNIX is far from dead.  It's track record sure beats NT. ;)

Love is the law, love under will.

Frater M.A.Ch.H. 999

~~~^^O^^~~~

MTH/HE/SX/TA/EN S++(*) W N+++(++) PEG++(XX) Dr+ A>++ a++ C G+ QH+++
666++ Y++(+++) Z+


----- Original Message -----
From: "Enkhyl" <enkhyl@pobox.com>
To: "Richard A. Steenbergen" <ras@e-gerbil.net>
Cc: "Richard Welty" <rwelty@vpnet.com>; "Bill Fumerola"
<billf@chimesnet.com>; "Hendrik Visage" <hvisage@is.co.za>; "Bradly Walters"
<bwalters@inet-direct.com>; <nanog@merit.edu>
Sent: Wednesday, October 04, 2000 7:02 PM
Subject: RE: RSA Patent Expired


>
> On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:
>
> > On Tue, 3 Oct 2000, Richard Welty wrote:
> >
> > > Bill Fumerola [mailto:billf@chimesnet.com] wrote:
> > > > OpenSSH uses RSA for ssh1, so it too benefited greatly
> > > > from RSA's release of the code into the public domain.
> > >
> > > except that nobody should be using ssh1 for _anything_ if they can
> > > possibly avoid it. even the orginal authors of ssh are strongly
> > > advocating
> > > consigning ssh1 to the trash heap of computer security.
> >
> > I think you're confused, ssh1 is still a very valid protocol. It is well
> > tested and proven, and in many cases better implemented then ssh2
(though
> > of course that may change eventually). Don't confuse the desire to make
> > money with insecurity.
>
> There are known holes in the SSH1 protocol, which is why it is recommended
> that the SSH2 protocol be used.
>
> http://www.securityportal.com/list-archive/bugtraq/1999/Dec/0195.html
>
> The vulnerability is non-trivial to exploit, but it is a flaw. See the
> reference in the above link.
>
> --
> Christopher Nielsen
> (enkhyl|cnielsen)@pobox.com
> "Not only is UNIX dead, it's starting to smell really bad." --rob pike
>
>
>






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.