>>>>> "Debian" == Debian Lists <firstname.lastname@example.org> writes:

    Debian> On Wed, 2 May 2001, Matteo S. wrote:
    >> Hello! I have a doubt. The current SSH1 in Debian 2.2 potato is
    >> secure?
    >> I have read that ssh2 implementation of openssh is better
    >> secure and the ssh1 is not secure. Is right?

    Debian> Do not get into the habit of thinking of things as secure
    Debian> or not secure. The word secure should always be
    Debian> considered a temporary thing at best.

And: "Security is not a product, it's a process"
Bruce Schneier (maybe slightly paraphrased).

    Debian> SSH2 is more secure than SSH1. SSH1 is pretty secure, or
    Debian> secure enough for many uses if SSH2 is not available.

    Debian> Security is like locks on the door of your house. There is
    Debian> never secure vs unsecure, only levels and how much is too
    Debian> much to be worth it. One lock on the doorknob? Doorknob
    Debian> and a deadbolt? 3 locks? 4? 5?

    Debian> If telnet is 1 lock, then SSH1 is 3 locks, and SSH2 is 5.

I'd see this as: non-ssl telnet is no lock. SSH1 is 1 lock. SSH2 is
also 1 lock, but a much better (and more expensive) one. ;-)

Why do I count both as 1 lock? Well, the number of locks has to do
with the security/usability balance: more locks are more secure, but
also less convenient. And SSH2 isn't more complicated to use than
SSH1, just better.

Bye, J

Depends on the type of door, of course... a cheap wooden door in a
cheap, weak frame isn't secure, no matter how many locks you put on
it. Worse... 20 locks would probably weaken that door enough to the
point that you could just gently push it in (instead of kicking) ;-)

-- 
Jürgen A. Erhard email@example.com phone: (GERMANY) 0721 27326
My WebHome: http://members.tripod.com/Juergen_Erhard
There's an NDA in the FSF... Free Software FouNDAtion.