Re: ssh, /dev/urandom

To: tb@becket.net
Cc: kilobug@freesurf.fr, neal@cs.uml.edu, jbailey@nisa.net, sergipop@mx3.redestb.es, debian-hurd@lists.debian.org
Subject: Re: ssh, /dev/urandom
From: "Alfred M. Szmidt" <ams@kemisten.nu>
Date: Thu, 19 Dec 2002 21:34:36 +0100
Message-id: <[🔎] E18P7NM-0000K9-00@lgh163a.kemisten.nu>
In-reply-to: <[🔎] 87ptrxwyah.fsf@becket.becket.net> (tb@becket.net)
References: <[🔎] E18NwLs-0003fU-00@lgh163a.kemisten.nu> <[🔎] plopm3lm2qc6b1.fsf@drizzt.dyndns.org> <[🔎] E18O0CD-0003pc-00@lgh163a.kemisten.nu> <[🔎] 20021217013456.GA30498@research.indocisc.com> <[🔎] E18OG7n-0004PK-00@lgh163a.kemisten.nu> <[🔎] 20021217153627.A15894@l2.ponznet.net> <[🔎] E18OKGC-0004WP-00@lgh163a.kemisten.nu> <[🔎] plopm3el8g4nec.fsf@drizzt.dyndns.org> <[🔎] E18OKyM-0004Xr-00@lgh163a.kemisten.nu> <[🔎] 87k7i8xy4o.fsf@becket.becket.net> <[🔎] 20021217193421.GB26396@nisa.net> <[🔎] 873cowxq19.fsf@becket.becket.net> <[🔎] 87el8gw846.fsf@bassanio.walfield.org> <[🔎] plopm3hedc6w2e.fsf@drizzt.dyndns.org> <[🔎] E18OS35-0004oC-00@lgh163a.kemisten.nu> <[🔎] 87bs3jgqln.fsf@becket.becket.net> <[🔎] E18Oicl-0005RI-00@lgh163a.kemisten.nu> <[🔎] 87k7i5yeek.fsf@becket.becket.net> <[🔎] E18P6tx-0000IG-00@lgh163a.kemisten.nu> <[🔎] 87ptrxwyah.fsf@becket.becket.net>

   >    Telnet has worse security than even a buggy miserably fake ssh.
   > 
   > Telnet has _no_ security.  It doesn't have fake security, which you
   > get by using crappy random bits and Open SSH.  That is a huge
   > difference.  Open SSH was designed for security, telnet was _not_.

   What?  So you are saying that telnet is better than a fake ssh?  

Yes, in the sense that it does _NOT_ give the user a sense of fake
security.

   Why?  I thought you stand up for security?!

Depends on what kind of security.  If you want to know what kind of
security I stand up for then this is not the forum to discuss that
issue.

The kind of security that I do _not_ stand up for is the kind that
gives the user a fake feeling.  Which is what you want todo with
adding weirdo hacks.  The best suggestion has been to compile Open SSH
with its own flags for gathering random bits on systems that do not
support /dev/random or /dev/urandom.

   At best, you can certainly argue that the fake ssh should be well
   documented, but this is no reason for exclusion.

Are you even following this discussion?  I have not said a single word
of the exlusion of ssh, not even muttered it, or implied it.  I am
against including a unsecure random translator!!!

Reply to:

Follow-Ups:
- Re: ssh, /dev/urandom
  - From: tb@becket.net (Thomas Bushnell, BSG)

References:
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: K1 images - final report?
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: K1 images - final report?
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: Budi Rahardjo <budi@research.indocisc.com>
- Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: pancake <sergipop@mx3.redestb.es>
- Re: ssh, /dev/urandom (was: Re: K1 images - final report?)
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: ssh, /dev/urandom
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: ssh, /dev/urandom
  - From: Jeff Bailey <jbailey@nisa.net>
- Re: ssh, /dev/urandom
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: ssh, /dev/urandom
  - From: neal@cs.uml.edu (Neal H. Walfield)
- Re: ssh, /dev/urandom
  - From: kilobug@freesurf.fr (Gaël Le Mignot)
- Re: ssh, /dev/urandom
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: ssh, /dev/urandom
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: ssh, /dev/urandom
  - From: "Alfred M. Szmidt" <ams@kemisten.nu>
- Re: ssh, /dev/urandom
  - From: tb@becket.net (Thomas Bushnell, BSG)

Prev by Date: Re: ssh, /dev/urandom
Next by Date: Re: ssh, /dev/urandom
Previous by thread: Re: ssh, /dev/urandom
Next by thread: Re: ssh, /dev/urandom
Index(es):
- Date
- Thread