

Adrian 'Dagurashibanipal' von Bidder grabbed a keyboard and typed...
> As I said, I was not closely following the story, but IIRC the SSH
> Protocol version 1 has a principal design flaw that *can* *not* *be*
> *fixed* without breaking the protocol.

That is correct. I've had loooong discussions with Tatu Ylonen on this
when I was at SSH.com.

> There were, of course, additional issues with implementations, but ssh1
> never really was secure, and never will be. I'm not making any statement
> about the practical relevance of the attack here, nor do I know of any
> successful break in using this weakness, so YMMV.

Arcfour (RC4), the CRC32 attack, and the Secure RPC were problems
addressed by later versions of OpenSSH and SSH1 releases.

There are other problems too--and you're right--fixing them would
break SSH1. Instead, SSH2 was written to address these issues from
the ground up.

From what I remember, one of the biggest problems in SSH1 is that 
it uses weak authentication for the packets. There are other problems 
too, and the VUs issued by CERT only cover a portion of the issues.

              .-"".__."``".   Anne Carasik, System Administrator
 .-.--. _...' (/)   (/)   ``'   gator at cacr dot caltech dot edu 
(O/ O) \-'      ` -="""=.    ',  Center for Advanced Computing Research    
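
Added example, not part of the original message: the reply above mentions the CRC32 attack and weak packet authentication in SSH1, and this sketch shows why a CRC-32 checksum cannot authenticate a packet while a keyed MAC can. It models only the checksum property, not SSH1 framing or encryption; the sample packet, key, helper names and the choice of HMAC-SHA-256 are assumptions made for the example.

```python
import hashlib
import hmac
import zlib

# Constructed sample data (not taken from any real SSH session).
PACKET = b"constructed sample payload: uid=1000"
DIFF = bytes(len(PACKET) - 1) + b"\x01"   # flips one bit in the last byte
KEY = b"constructed-demo-key"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def crc_delta(diff: bytes) -> int:
    """Change in CRC-32 caused by XORing `diff` into ANY message of that length.

    CRC-32 is affine over XOR, so this value depends only on `diff`:
    no key is involved and the message content does not matter.
    """
    return zlib.crc32(diff) ^ zlib.crc32(bytes(len(diff)))


def crc_check_survives(packet: bytes, diff: bytes) -> bool:
    """True if a checksum adjusted without reading the packet still verifies."""
    modified = xor_bytes(packet, diff)
    adjusted = zlib.crc32(packet) ^ crc_delta(diff)
    return zlib.crc32(modified) == adjusted


def hmac_check_survives(key: bytes, packet: bytes, diff: bytes) -> bool:
    """True if the original keyed tag still verifies on the modified packet."""
    tag = hmac.new(key, packet, hashlib.sha256).digest()
    modified = xor_bytes(packet, diff)
    recomputed = hmac.new(key, modified, hashlib.sha256).digest()
    return hmac.compare_digest(tag, recomputed)


if __name__ == "__main__":
    print("CRC-32 check passes after modification:", crc_check_survives(PACKET, DIFF))
    print("HMAC check passes after modification: ", hmac_check_survives(KEY, PACKET, DIFF))
```

The CRC-32 check passes on the altered data because the checksum has no secret input; the HMAC check fails because the tag cannot be recomputed without the key.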
