[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?

On Tue, Jul 06, 2021 at 02:11:21PM -0400, Michael Stone wrote:


> It's entirely too common for obsolete encryption options that are
> kept for "compatibility" end up being a vector for compromise, and
> entirely reasonable to remove such options in order to provide the
> most secure and maintainable tool for the vast majority of users.

That's the attitude of authoritarian software: "my software is smarter
than you".

The authors are free to hold that position, but so am I to utterly
dislike it.

> If you want ancient crypto options, just run an ancient binary.
> They're very easy to find in archive.debian.org.

They're not as easy to run as soon as they start being outrun by
their dependencie's versions, and you perfectly know that.

> Of course, the real answer is to not purchase products with "secure"
> management that can't be upgraded when it becomes "insecure"
> management.

See above. To me, this is a dangerous antipattern.

 - t

Attachment: signature.asc
Description: Digital signature

Reply to: