
Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?

>> I think the first reaction should be to report it as a bug, so that the
>> old cipher is re-added.  I think the same argument in favor of including
>> the "none" cipher should apply to including old deprecated ciphers.
> The old ciphers are generally removed for a reason: because they are hugely
> insecure.

If they have buffer overflow-style holes, those should be fixed.
Other than that I can't see how they can be less secure than the "none" cipher.

I fully agree with removing them from the list of ciphers that will be
automatically chosen for you.  But keeping them available upon explicit
request for those cases where it's the only cipher that works with
a particular other device makes a lot of sense.

