On Tue, 3 Oct 2000, Richard Welty wrote:
Bill Fumerola [mailto:billf@chimesnet.com] wrote:
OpenSSH uses RSA for ssh1, so it too benefited greatly from RSA's release of the code into the public domain.
except that nobody should be using ssh1 for _anything_ if they can possibly avoid it. even the original authors of ssh are strongly advocating consigning ssh1 to the trash heap of computer security.
I think you're confused, ssh1 is still a very valid protocol. It is well tested and proven, and in many cases better implemented than ssh2 (though of course that may change eventually). Don't confuse the desire to make money with insecurity. As for the release of the RSA patent, it's a "nice thing" but it hasn't changed much other than cleaning up some bad code by removing the need to use RSAREF (and good riddance), and moving some dollar signs around for commercial implementors.
"Anyone is now free to rub two primes together for their own gratification" -- Unknown
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:
On Tue, 3 Oct 2000, Richard Welty wrote:
Bill Fumerola [mailto:billf@chimesnet.com] wrote:
OpenSSH uses RSA for ssh1, so it too benefited greatly from RSA's release of the code into the public domain.
except that nobody should be using ssh1 for _anything_ if they can possibly avoid it. even the original authors of ssh are strongly advocating consigning ssh1 to the trash heap of computer security.
I think you're confused, ssh1 is still a very valid protocol. It is well tested and proven, and in many cases better implemented than ssh2 (though of course that may change eventually). Don't confuse the desire to make money with insecurity.
There are known holes in the SSH1 protocol, which is why it is recommended that the SSH2 protocol be used.
http://www.securityportal.com/list-archive/bugtraq/1999/Dec/0195.html
The vulnerability is non-trivial to exploit, but it is a flaw. See the reference in the above link.
-- Christopher Nielsen (enkhyl|cnielsen)@pobox.com "Not only is UNIX dead, it's starting to smell really bad." --rob pike
On Wed, 4 Oct 2000, Enkhyl wrote:
On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:
On Tue, 3 Oct 2000, Richard Welty wrote:
Bill Fumerola [mailto:billf@chimesnet.com] wrote:
OpenSSH uses RSA for ssh1, so it too benefited greatly from RSA's release of the code into the public domain.
except that nobody should be using ssh1 for _anything_ if they can possibly avoid it. even the original authors of ssh are strongly advocating consigning ssh1 to the trash heap of computer security.
I think you're confused, ssh1 is still a very valid protocol. It is well tested and proven, and in many cases better implemented than ssh2 (though of course that may change eventually). Don't confuse the desire to make money with insecurity.
There are known holes in the SSH1 protocol, which is why it is recommended that the SSH2 protocol be used.
http://www.securityportal.com/list-archive/bugtraq/1999/Dec/0195.html
The vulnerability is non-trivial to exploit, but it is a flaw. See the reference in the above link.
Hence the addition of a strong MAC in ssh2. This is a pretty difficult attack to pull off, but I'll agree it's handled better in ssh2.
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Enkhyl: Do what thou wilt shall be the whole of the law. That's fine and dandy, but the bugtraq exploit that you are pointing to in that link is, according to the bugtraq advisory, only applicable to ssh version 1.2.27. Other versions don't seem to be affected. About the sig, UNIX is far from dead. Its track record sure beats NT. ;) Love is the law, love under will.
Frater M.A.Ch.H. 999 ~~~^^O^^~~~ MTH/HE/SX/TA/EN S++(*) W N+++(++) PEG++(XX) Dr+ A>++ a++ C G+ QH+++ 666++ Y++(+++) Z+
----- Original Message -----
From: "Enkhyl" <enkhyl@pobox.com>
To: "Richard A. Steenbergen" <ras@e-gerbil.net>
Cc: "Richard Welty" <rwelty@vpnet.com>; "Bill Fumerola" <billf@chimesnet.com>; "Hendrik Visage" <hvisage@is.co.za>; "Bradly Walters" <bwalters@inet-direct.com>; <nanog@merit.edu>
Sent: Wednesday, October 04, 2000 7:02 PM
Subject: RE: RSA Patent Expired
On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:
On Tue, 3 Oct 2000, Richard Welty wrote:
Bill Fumerola [mailto:billf@chimesnet.com] wrote:
OpenSSH uses RSA for ssh1, so it too benefited greatly from RSA's release of the code into the public domain.
except that nobody should be using ssh1 for _anything_ if they can possibly avoid it. even the original authors of ssh are strongly advocating consigning ssh1 to the trash heap of computer security.
I think you're confused, ssh1 is still a very valid protocol. It is well tested and proven, and in many cases better implemented than ssh2 (though of course that may change eventually). Don't confuse the desire to make money with insecurity.
There are known holes in the SSH1 protocol, which is why it is recommended that the SSH2 protocol be used.
http://www.securityportal.com/list-archive/bugtraq/1999/Dec/0195.html
The vulnerability is non-trivial to exploit, but it is a flaw. See the reference in the above link.
-- Christopher Nielsen (enkhyl|cnielsen)@pobox.com "Not only is UNIX dead, it's starting to smell really bad." --rob pike
On Wed, 4 Oct 2000, Frater M.A.Ch.H. 999 wrote:
That's fine and dandy, but the bugtraq exploit that you are pointing to in that link is, according to the bugtraq advisory, only applicable to ssh version 1.2.27.
Other versions don't seem to be affected.
The crux of the problem is that the ssh1 protocol does not make use of cryptographically secure MACs (message authentication code), but instead relies on crc32 to provide integrity checks from insertion attacks. The problem with crc32 is it was designed to detect accidental data corruption but not to provide cryptographic verification of data integrity, so it is possible to "somewhat" easily create "different" data with the same crc32 value. Past version 1.2.27 code was added to detect someone doing this ("crc compensation"), so it's not a real concern of vulnerability. But it is a theoretical design weakness, which is why MACs are used in ssh2.
It is up to the admins to decide if running ssh2 is worth their time. Personally I run OpenSSH (now part of the default installation on [Free,Open]BSD) which supports both versions of the protocol much more seamlessly than the original ssh. Many people prefer ssh1, and keep in mind that some systems are ssh1 only, like the SSH available for Ciscos for example. But enough of this thread, everyone gets the point... :P
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/humble
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
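[Added example, not part of any message in this thread.] The message above contrasts crc32 with a cryptographic MAC; this sketch shows the general property behind that contrast: CRC-32 is linear, so the checksum of a bit-flipped message can be computed without any secret, while a keyed MAC does not combine that way. The sample message and key are constructed, HMAC-SHA256 is chosen here only as a convenient keyed MAC, and nothing below reproduces the ssh1 packet format.

```python
import hashlib
import hmac
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def predicted_crc_after_flip(old_crc: int, delta: bytes) -> int:
    """CRC-32 of (msg XOR delta), from the old CRC and delta alone.

    CRC-32 is affine over GF(2): for equal-length inputs,
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros). No key is involved.
    """
    zeros = bytes(len(delta))
    return old_crc ^ zlib.crc32(delta) ^ zlib.crc32(zeros)


def mac(key: bytes, msg: bytes) -> bytes:
    """Keyed integrity tag (HMAC-SHA256, an assumption for this example)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def demo() -> dict:
    # Constructed sample data, not captured traffic.
    msg = b"transfer 0100 to account 1234567"
    delta = xor_bytes(msg, b"transfer 9100 to account 1234567")
    tampered = xor_bytes(msg, delta)
    key = b"constructed-demo-key"

    crc_predicted = predicted_crc_after_flip(zlib.crc32(msg), delta)
    # Combine MAC tags the same way the CRCs combine: this does not
    # yield the tag of the modified message.
    combined = xor_bytes(
        xor_bytes(mac(key, msg), mac(key, delta)),
        mac(key, bytes(len(delta))),
    )
    return {
        "crc_check_fooled": crc_predicted == zlib.crc32(tampered),
        "mac_check_fooled": hmac.compare_digest(combined, mac(key, tampered)),
    }


if __name__ == "__main__":
    print(demo())
```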
[ On Wednesday, October 4, 2000 at 19:43:55 (-0400), Richard A. Steenbergen wrote: ]
Subject: RE: RSA Patent Expired
I think you're confused, ssh1 is still a very valid protocol. It is well tested and proven, and in many cases better implemented than ssh2 (though of course that may change eventually). Don't confuse the desire to make money with insecurity.
It's not that the draft version of the SSH protocol is by design insecure, but rather that it is somewhat broken when faced with real-world requirements -- the design completely omits at least one very critical requirement! The fact that it works as well as it does is a testament both to the ingenuity of its implementors and to the relative reliability of the Internet as a whole. (That's not to slight the initial design as "poor" either -- it was a very ambitious undertaking and some things just had to wait until a proof of concept turned into an indispensable tool! I still use it primarily today and I am only now slowly beginning a transition to SSHv2.)
-- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:
except that nobody should be using ssh1 for _anything_ if they can possibly avoid it. even the original authors of ssh are strongly advocating consigning ssh1 to the trash heap of computer security.
I think you're confused, ssh1 is still a very valid protocol. It is well tested and proven, and in many cases better implemented than ssh2 (though of course that may change eventually). Don't confuse the desire to make money with insecurity.
No, he's not confused. Supposedly, using any algorithm other than 3DES with SSH1 can set you up for some type of stream insertion attack. I've never seen it personally, but supposedly the threat does exist. Furthermore, OpenSSH supports ssh2 and is free, in both the free beer and the free speech way. The BSD license is cool like that.
-- Joseph W. Shaw - jshaw@insync.net Computer Security Consultant and Programmer Free UNIX advocate and all around nice guy.
Having read the rest of the thread, I see that this was already covered. My apologies for the twice wasted bandwidth.
-- Joseph W. Shaw - jshaw@insync.net Computer Security Consultant and Programmer Free UNIX advocate and all around nice guy.
On Thu, 5 Oct 2000, Joe Shaw wrote:
No, he's not confused. Supposedly, using any algorithm other than 3DES with SSH1 can set you up for some type of stream insertion attack. I've never seen it personally, but supposedly the threat does exist.
Furthermore, OpenSSH supports ssh2 and is free, in both the free beer and the free speech way. The BSD license is cool like that.
-- Joseph W. Shaw - jshaw@insync.net
openssh source may be free but some of the libraries that it requires are GPLd. This causes problems for including the ssh code on routers etc. If I am mistaken, please email me privately, I would be glad to learn more about this.
Bora
----- Original Message -----
From: "Joe Shaw" <jshaw@insync.net>
To: "Richard A. Steenbergen" <ras@e-gerbil.net>
Cc: "Richard Welty" <rwelty@vpnet.com>; "Bill Fumerola" <billf@chimesnet.com>; "Hendrik Visage" <hvisage@is.co.za>; "Bradly Walters" <bwalters@inet-direct.com>; <nanog@merit.edu>
Sent: Thursday, October 05, 2000 8:41 AM
Subject: RE: RSA Patent Expired
On Wed, 4 Oct 2000, Richard A. Steenbergen wrote:
except that nobody should be using ssh1 for _anything_ if they can possibly avoid it. even the original authors of ssh are strongly advocating consigning ssh1 to the trash heap of computer security.
I think you're confused, ssh1 is still a very valid protocol. It is well tested and proven, and in many cases better implemented than ssh2 (though of course that may change eventually). Don't confuse the desire to make money with insecurity.
No, he's not confused. Supposedly, using any algorithm other than 3DES with SSH1 can set you up for some type of stream insertion attack. I've never seen it personally, but supposedly the threat does exist.
Furthermore, OpenSSH supports ssh2 and is free, in both the free beer and the free speech way. The BSD license is cool like that.
-- Joseph W. Shaw - jshaw@insync.net Computer Security Consultant and Programmer Free UNIX advocate and all around nice guy.
participants (6)
- Bora Akyol
- Enkhyl
- Frater M.A.Ch.H. 999
- Joe Shaw
- Richard A. Steenbergen
- woods@weird.com