Re: sshd1 allows unencrypted sessions regardless of server policy

From: der Mouse (mouseat_private)
Date: Tue Dec 14 1999 - 19:07:36 PST

Next message: Joseph Moran: "Re: sshd1 allows unencrypted sessions regardless of server policy"

Previous message: Elias Levy: "CERT Advisory CA-99-16 Buffer Overflow in Sun Solstice AdminSuite"
Maybe in reply to: Markus Friedl: "sshd1 allows unencrypted sessions regardless of server policy"
Next in thread: Joseph Moran: "Re: sshd1 allows unencrypted sessions regardless of server policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If we're going to be picking nits....

> AFAIK...  The passpharse-less host keys are encrypted with 3-DES and
> no password.  They were, at one time, encrypted with IDEA with no
> password.

...neither IDEA nor triple-DES *can* encrypt with no "password" (by
which I have to assume you mean what is normally, for a block cipher,
called a "key").

Perhaps you mean "some non-secret key"[%], which is not the same thing
as *no* key.  (Of course, from a security point of view, if a
non-secret key is used, it makes no difference which one it is.)

[%] The one resulting from following the usual algorithms on a
    zero-length passphrase, perhaps...?

> Like I said...  Just a nit...

"What he said."

					der Mouse

			       mouseat_private
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Next message: Joseph Moran: "Re: sshd1 allows unencrypted sessions regardless of server policy"
Previous message: Elias Levy: "CERT Advisory CA-99-16 Buffer Overflow in Sun Solstice AdminSuite"
Maybe in reply to: Markus Friedl: "sshd1 allows unencrypted sessions regardless of server policy"
Next in thread: Joseph Moran: "Re: sshd1 allows unencrypted sessions regardless of server policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:06 PDT