From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew To: 9fans@cse.psu.edu Subject: Re: [9fans] SSH Version2 Message-ID: <20021008041457.GA29252@thefrayedknot.armory.com> References: <65010503554d731e5af01bacdf6ff2b1@plan9.bell-labs.com> <20021007165746.GA4153@thefrayedknot.armory.com> <20021008021622.GB5371@mero.morphisms.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021008021622.GB5371@mero.morphisms.net> User-Agent: Mutt/1.4i Date: Mon, 7 Oct 2002 21:14:57 -0700 Topicbox-Message-UUID: fff4511e-eaca-11e9-9e20-41e7f4b1d025 On Mon, Oct 07, 2002 at 10:16:22PM -0400, William K. Josephson wrote: > On Mon, Oct 07, 2002 at 09:57:46AM -0700, Andrew wrote: > > > on the comment about ssh2, it was made more complicated specifically so > > it would be harder to break, and said theory has held true because as > > you said yourself, the ettercap guys havent figured it out yet. i want it > > to be difficult for someone to get my username and password, impossible > > is not an option yet, but one can certainly make it more difficult. > > At least as you present it, I don't think this > a very convincing argument. SSH2 is complicated > and likely more secure that SSH1. I do not think > that these two facts should be confused with each > other, or worse yet that the added complication > should be credited with the increased security. > SSH2 is merely that much harder to implement safely > and correctly. it wasnt meant to be a convincing argument, but the fact stands that its not as vulnerable at the moment as ssh1, not in theory but in practice, granted in theory anything can be broken, practice is what counts though. so long as its your password and not mine i couldnt care either way.