From: Daniel Lyons <fusion@storytotell.org>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] Plan 9 hg with private repositories
Date: Thu, 13 Aug 2009 11:45:10 -0600
Message-ID: <59AEA692-E5E9-41BE-8B91-BD0595B8598B@storytotell.org>
In-Reply-To: <9ab217670908130813t3e844c59xed3a9e929ff6bd37@mail.gmail.com>
On Aug 13, 2009, at 9:13 AM, Devon H. O'Dell wrote:
> If I'm recalling correctly, SSHv1 is insecure only if the remote server is
> untrusted. Or am I not recalling correctly?
I believe you're correct and that server fingerprinting was introduced
in v2. I asked some friends of mine about it and they said the
principal issue is that it uses CRC for the packet checksum, which
makes it not particularly hard for a third party to inject packets
into your connection. Also, there are theoretical attacks that allow
the session key to be recovered. One of my friends also said it only
supported 3DES, but I'm not convinced that's a cryptological weakness
in and of itself, nor that designing a new protocol with plug 'n play
crypto is genius either, since I think a lot of the complexity in SSH
v2 comes from its configurability, the effect that has on connection
setup, as well as silly optional features like connection sharing and
whatnot. (I use that silly feature all the time but I don't think I
would have offered to build it into the protocol.)
—
Daniel Lyons
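
Added example, not part of the original message: the point above about a CRC packet checksum comes down to CRC-32 being an unkeyed, linear function, so the effect of a modification on the checksum can be computed without seeing the data, whereas a keyed MAC has no such relation. It assumes zlib's CRC-32 as a stand-in for the packet checksum and HMAC-SHA256 as the keyed alternative; the SSH-1 packet layout and encryption are not modeled, and the sample bytes are constructed.

```python
import hashlib
import hmac
import os
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def crc_delta(delta: bytes) -> int:
    """Change in CRC-32 when `delta` is XORed into ANY message of this length.

    CRC-32 is affine over GF(2): crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros),
    so the change depends only on the modification, never on the message.
    """
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))


def predicted_crc(old_crc: int, delta: bytes) -> int:
    """Checksum of the modified message, computed without the message itself."""
    return old_crc ^ crc_delta(delta)


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """Keyed integrity tag (HMAC-SHA256), shown for contrast with the CRC."""
    return hmac.new(key, message, hashlib.sha256).digest()


def demo() -> dict:
    message = b"constructed payload 0123456789ab"  # sample data, not an SSH packet
    delta = bytearray(len(message))
    delta[20] = 0x01                               # change a single bit
    delta = bytes(delta)
    modified = xor_bytes(message, delta)
    key = os.urandom(32)                           # secret shared by the two endpoints
    return {
        # The new checksum follows from the old one and the change alone.
        "crc_predictable": predicted_crc(zlib.crc32(message), delta) == zlib.crc32(modified),
        # The keyed tag of the modified data differs and cannot be derived without the key.
        "tag_mismatch": not hmac.compare_digest(keyed_tag(key, message), keyed_tag(key, modified)),
    }


if __name__ == "__main__":
    print(demo())
```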