>>>>> "Debian" == Debian Lists <debian@sdmud.org> writes:
Debian> On Wed, 2 May 2001, Matteo S. wrote:
>> Hello! I have a doubt. Is the current SSH1 in Debian 2.2 potato
>> secure?
>> I have read that the ssh2 implementation of openssh is more
>> secure and that ssh1 is not secure. Is that right?
Debian> Do not get into the habit of thinking of things as secure
Debian> or not secure. The word secure should always be
Debian> considered a temporary thing at best.

And: "Security is not a product, it's a process" Bruce Schneier (maybe
slightly paraphrased).

Debian> SSH2 is more secure than SSH1. SSH1 is pretty secure, or
Debian> secure enough for many uses if SSH2 is not available.
Debian> Security is like locks on the door of your house. There is
Debian> never secure vs unsecure, only levels and how much is too
Debian> much to be worth it. One lock on the doorknob? Doorknob
Debian> and a deadbolt? 3 locks? 4? 5?
Debian> If telnet is 1 lock, then SSH1 is 3 locks, and SSH2 is 5.

I'd see this as: non-ssl telnet is no lock. SSH1 is 1 lock. SSH2 is
also 1 lock, but a much better (and more expensive) one. ;-)

Why do I count both as 1 lock? Well, the number of locks has to do
with the security/usability balance: more locks are more secure[1],
but also less convenient. And SSH2 isn't more complicated to use than
SSH1, just better.

Bye, J

[1] Depends on the type of door, of course... a cheap wooden door in a
cheap, weak frame isn't secure, no matter how many locks you put on
it. Worse... 20 locks would probably weaken that door to the point
that you could just gently push it in (instead of kicking) ;-)
--
Jürgen A. Erhard juergen.erhard@gmx.net phone: (GERMANY) 0721 27326
My WebHome: http://members.tripod.com/Juergen_Erhard
There's an NDA in the FSF...
Free Software FouNDAtion.