From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Mon, 7 Oct 2002 22:16:22 -0400 From: "William K. Josephson" To: 9fans@cse.psu.edu Subject: Re: [9fans] SSH Version2 Message-ID: <20021008021622.GB5371@mero.morphisms.net> References: <65010503554d731e5af01bacdf6ff2b1@plan9.bell-labs.com> <20021007165746.GA4153@thefrayedknot.armory.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021007165746.GA4153@thefrayedknot.armory.com> User-Agent: Mutt/1.4i Topicbox-Message-UUID: ffe9fe12-eaca-11e9-9e20-41e7f4b1d025 On Mon, Oct 07, 2002 at 09:57:46AM -0700, Andrew wrote: > on the comment about ssh2, it was made more complicated specifically so > it would be harder to break, and said theory has held true because as > you said yourself, the ettercap guys havent figured it out yet. i want it > to be difficult for someone to get my username and password, impossible > is not an option yet, but one can certainly make it more difficult. At least as you present it, I don't think this a very convincing argument. SSH2 is complicated and likely more secure that SSH1. I do not think that these two facts should be confused with each other, or worse yet that the added complication should be credited with the increased security. SSH2 is merely that much harder to implement safely and correctly.