[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh, /dev/urandom

   >    Telnet has worse security than even a buggy miserably fake ssh.
   > Telnet has _no_ security.  It doesn't have fake security, which you
   > get by using crappy random bits and Open SSH.  That is a huge
   > difference.  Open SSH was designed for security, telnet was _not_.

   What?  So you are saying that telnet is better than a fake ssh?  

Yes, in the sense that it does _NOT_ give the user a sense of fake

   Why?  I thought you stand up for security?!

Depends on what kind of security.  If you want to know what kind of
security I stand up for then this is not the forum to discuss that

The kind of security that I do _not_ stand up for is the kind that
gives the user a fake feeling.  Which is what you want todo with
adding weirdo hacks.  The best suggestion has been to compile Open SSH
with its own flags for gathering random bits on systems that do not
support /dev/random or /dev/urandom.

   At best, you can certainly argue that the fake ssh should be well
   documented, but this is no reason for exclusion.

Are you even following this discussion?  I have not said a single word
of the exlusion of ssh, not even muttered it, or implied it.  I am
against including a unsecure random translator!!!

Reply to: