
Re: SSH-1.5-OpenSSH-1.2.3 of debian 2.2 is secure?



>>>>> "Debian" == Debian Lists <debian@sdmud.org> writes:

    Debian> On Wed, 2 May 2001, Matteo S. wrote:
    >> Hello! I have a doubt. Is the current SSH1 in Debian 2.2 potato
    >> secure?

    >> I have read that the ssh2 implementation of openssh is more
    >> secure and that ssh1 is not secure. Is that right?

    Debian> Do not get into the habit of thinking of things as secure
    Debian> or not secure.  The word secure should always be
    Debian> considered a temporary thing at best.

And: "Security is not a product, it's a process" Bruce Schneier (maybe
slightly paraphrased).

    Debian> SSH2 is more secure than SSH1. SSH1 is pretty secure, or
    Debian> secure enough for many uses if SSH2 is not available.

    Debian> Security is like locks on the door of your house. There is
    Debian> never secure vs unsecure, only levels and how much is too
    Debian> much to be worth it. One lock on the doorknob? Doorknob
    Debian> and a deadbolt? 3 locks? 4? 5?

    Debian> If telnet is 1 lock, then SSH1 is 3 locks, and SSH2 is 5.

I'd see this as: non-ssl telnet is no lock.  SSH1 is 1 lock.  SSH2 is
also 1 lock, but a much better (and more expensive) one.  ;-)

Why do I count both as 1 lock?  Well, the number of locks has to do
with the security/usability balance: more locks are more secure[1],
but also less convenient.  And SSH2 isn't more complicated to use than
SSH1, just better.

Bye, J

[1] Depends on the type of door, of course... a cheap wooden door in a
cheap, weak frame isn't secure, no matter how many locks you put on
it.  Worse... 20 locks would probably weaken that door enough to the
point that you could just gently push it in (instead of kicking) ;-)

-- 
Jürgen A. Erhard    juergen.erhard@gmx.net   phone: (GERMANY) 0721 27326
          My WebHome: http://members.tripod.com/Juergen_Erhard
                      There's an NDA in the FSF...
                       Free Software FouNDAtion.
